%term

Say Hello to Ask Pepper AI: Turning API Security into a Conversation

Dec 1, 2025 By Eric Schwake In Salt Security

In the world of cybersecurity, we have a "data" problem. We have more of it than ever before, more logs, more alerts, and definitely more APIs. But recently, this challenge has compounded. The rise of Agentic AI and Model Context Protocols (MCPs) has exploded the number of machine-to-machine connections in our environments. These agents spin up new pathways and access data in ways that are often invisible to traditional monitoring.

Read Post

Salt Security

Read more about Say Hello to Ask Pepper AI: Turning API Security into a Conversation

Why Java Is a Powerhouse for Web APIs: Benefits for Scalable, Secure, and Smart Backend Development?

Nov 29, 2025 By SecuritySenses In SecuritySenses

Discover the top benefits of using Java for web APIs, including high performance, scalability, and robust security. Ideal for enterprise-level backend development and cloud deployments.

Read Post

SecuritySenses

Read more about Why Java Is a Powerhouse for Web APIs: Benefits for Scalable, Secure, and Smart Backend Development?

Optus Breach Lessons: Top 10 API Security Takeaways

Nov 28, 2025 By AppSentinels In AppSentinels

In September 2022, Australia woke up to the largest data breach in its history. Optus, the country’s second-largest telecom disclosed that the personal information of nearly 10 million people had been exposed. To put that in perspective, that’s almost 40% of the entire population. Among the data spilled were 2.1 million government-issued IDs – passports, driver’s licenses, Medicare cards – the kind of information that isn’t just sensitive, but life-defining.

Read Post

AppSentinels

Read more about Optus Breach Lessons: Top 10 API Security Takeaways

Bug Bounty Programs (2025) | Definition, Platforms & Costs

Nov 28, 2025 By AppSentinels In AppSentinels

“Tech giants pay hackers millions to hack them – on purpose.” What once sounded like a risky experiment has now become standard practice in cybersecurity. Bug bounty programs have moved from the fringes into the mainstream because traditional defenses alone can’t keep up with today’s scale and sophistication of attacks.

Read Post

AppSentinels

Read more about Bug Bounty Programs (2025) | Definition, Platforms & Costs

Quttera Launches "Evidence-as-Code" API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

Nov 27, 2025 By Quttera

New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence.

Read Post

Read more about Quttera Launches "Evidence-as-Code" API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

Hackers Skipped the Payment Step: BLA 4 is Pure Logic Evasion #transitionvalidation #businesslogic

Nov 27, 2025 By Wallarm In Wallarm

Missing Transition Validation (BLA 4) is a subtle but devastating threat. It exploits the sequence of steps in your application's workflow. The flaw? Your application fails to check that Step 2 (Payment) occurred before allowing access to Step 3 (Confirmation). The attacker simply draws a line straight to the goal! This attack is: Difficult to Detect: It uses valid requests in an invalid sequence. Tightly Coupled: It's unique to your application's specific logic. You need deep, sequence-aware runtime protection.

View Video

Wallarm

Read more about Hackers Skipped the Payment Step: BLA 4 is Pure Logic Evasion #transitionvalidation #businesslogic

Find the Invisible: Salt MCP Finder Technology for Proactive MCP Discovery

Nov 25, 2025 By Eric Schwake In Salt Security

The conversation about AI security has shifted. For the past year, the focus has been on the model itself: poisoning data, prompt injection, and protecting intellectual property. These are critical concerns, but they miss the bigger picture of how AI is actually being operationalized in the enterprise. We are entering the era of Agentic AI. AI is no longer just generating text; it is taking action. Autonomous agents read customer tickets, query databases, update financial records, and trigger workflows.

Read Post

Salt Security

Read more about Find the Invisible: Salt MCP Finder Technology for Proactive MCP Discovery

The Missing Link in OWASP is Found: Business Logic Abuse#owasp #owasptop10 #businesslogic

Nov 25, 2025 By Wallarm In Wallarm

For years, security lists focused on technology (Cloud , Mobile , Serverless ). We desperately needed a list that focused on the core problem: flawed application logic, regardless of the stack. The OWASP Top 10 Business Logic Abuse (BLA) list fills that critical, architectural gap. Why? Because exploitation often happens between technologies, not within them. We must be able to categorize and talk about these intricate logic threats in a technology-agnostic way.

View Video

Wallarm

Read more about The Missing Link in OWASP is Found: Business Logic Abuse#owasp #owasptop10 #businesslogic

Solving Al Agent Sprawl: API Governance Across Multi Gateway Environments

Nov 24, 2025 By Salt Security In Salt Security

As organizations accelerate adoption of AI agents, autonomous workflows powered by LLMs and MCP servers are rapidly proliferating across internal systems, partner networks, cloud environments, and API gateways. The result? A sprawling, often invisible attack surface: shadow APIs, duplicate endpoints, context drift, unmanaged agent access, inconsistent policies, and risk of data exposure or compliance failures.

View Video

Salt Security

API
Security

Read more about Solving Al Agent Sprawl: API Governance Across Multi Gateway Environments

Secure your APIs at the edge with Datadog App and API Protection

Nov 21, 2025 By Flavien Darche In Datadog

Modern applications are constantly exposed to various malicious activities, including credential stuffing, API abuse, and advanced injection attacks. Many of these threats can be stopped at the network edge, before they ever reach your application. That’s why Datadog App and API Protection offers real-time threat detection and blocking for popular edge proxies and load balancers, which include integrations for Envoy, Istio, NGINX, and Google Cloud Load Balancers (using Google Service Extensions).

Read Post