
New API testing category now available

Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests for OAuth API authorization for organizations that use JWTs. These JWTs, or JSON Web Tokens, are meant to prove that you have access to whatever it is you are accessing. One of the most critical JWT vulnerabilities is algorithm confusion.

After the AWS Outage: How to Build Systems That Survive

When AWS goes down, the ripple effects are global, from authentication failures to service disruptions that bring businesses to a standstill. But while every outage makes headlines, the real question is: Why are so many organizations still unprepared? In this live fireside chat, Wallarm’s Field CTO, and STO of Security Edge, Tim Ebbers, unpacks the architectural lessons behind the latest AWS outage — and what engineering, DevOps, and security leaders can do today to prevent history from repeating itself.

How I 'Hacked' an Online Store #businesslogic #ecommerce #cybersecurity #apisecurity

A $10,000 Order for $1? Your Business Logic is Broken. Attackers aren't just breaking code; they're exploiting the rules of your business to commit fraud. When your application's logic is flawed, your payment and fulfillment systems can be desynchronized, you can lose massive revenue to easily preventable abuse, and your inventory and financial reporting become unreliable. Watch how a simple business logic flaw can lead to catastrophic financial loss in this real-world example. Is your e-commerce platform safe?

API Security: Challenges for a Secure Digital Frontier

Organizations continue their digital transformation, with APIs now serving as the main communication links between applications, platforms, services, and partners. The widespread use of APIs introduces new security risks despite their common presence. The growing number of APIs significantly increases the cyber risks that security teams must address as they keep up with technological advances.

Key API Security Takeaways from the Postman 2025 State of API Report

API security has never been more important because modern APIs are operational necessities. Unfortunately, many organizations are failing to adapt their security models to a rapidly changing API threat landscape. Like it or not, we live in an AI-first world, and API security must reflect that reality. The Postman 2025 State of API Report is confirmation of that fact.

10 Common Vulnerabilities Found During Software Audits - and How to Fix Them

A software audit is not a checklist but a thorough examination of the internal workings of your system, where lurking vulnerabilities usually hide. Thousands of breaches every year are due to organizations not paying early attention to software audit vulnerabilities that might have been noticed and eliminated at an early stage. This article exposes the top ten vulnerabilities that are often encountered during software audits, explains why they occur, and offers some remediation measures that can be taken.

Why You Should Never Use Basic Auth for Atlassian APIs in 2025

Basic Authentication is becoming obsolete for Atlassian APIs in 2025. With Atlassian enforcing token expiration and stricter security standards, it’s time to switch to modern methods like OAuth 2.0, JWT, or API Keys. miniOrange makes this migration seamless with secure, centralized, and auditable API access. Strengthen your Jira integrations while staying compliant and future-ready.