Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API

A New Strategy for Reducing API Risk

As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.

Blocking Compromised Tokens with Wallarm

In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private schema. These leaks can occur directly via the API itself, but also via third party tools used to manage source code, such as Github or Postman. API Leaks came in at number 4 in our dynamic top 10 list of API Security issues.

Announcing Graylog API Security v3.6

Graylog API Security v3.6 is here! Just taking the version number by itself, v3.6 sounds like an incremental step forward. But the truth is that v3.6 isn’t just a release milestone; it’s a huge inflection point in our mission to improve API security. There are multiple “firsts” in v3.6, which makes the total combination even more exciting.

Step-by-Step: Integrating SAST into Your Development Workflow

When it comes to software development, prioritizing security is essential. Static Application Security Testing (SAST) plays a key role in this by thoroughly analyzing your source code to identify potential vulnerabilities. It's like having a constant code reviewer focused on security, ensuring that your application is protected from the earliest stages of development.

Bulletproofing the retail cloud with API security

Application programming interface (API) security is critical for retailers increasingly reliant on cloud technology. However, they also open potential gateways for cyber threats, making robust security protocols essential to protect sensitive data and maintain customer trust. The complexity of retail systems, which often involve numerous third-party integrations, can create multiple points of vulnerability.

Securing the Gateway - Mastering API Security in the Modern Web Landscape

APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and Gateways. In fact, in a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks—all accessible without authentication, with 10% classified as critical. Due to API’s being widely used by developers, they have now become a favored attack vector for threat actors.

Stopping Credential Stuffing Attacks: We Need to Do Better

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

Server-Side Template Injection Vulnerability in Confluence Data Center and Server (CVE-2023-22527)

On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue found in older versions, poses a serious risk as it allows attackers without any authentication, to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.

Introducing the Wallarm 2024 API ThreatStatsTM Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular updates, and the adoption of latest advanced security solutions.