Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to v2.0, and how it applies to API security. Raj and Tim really dug deep into a lot of issues, and answered a lot of questions from the audience.

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

If you want to visualize how data flows across your connected applications, you can think back to that childhood game of Chutes and Ladders (also called Snakes and Ladders). As a kid, the board felt like a confusing grid that had the weirdest, seemingly arbitrary connections between blocks. In your modern digital environment, your Application Programming Interfaces (APIs) fulfill the same role that the ladders and chutes/snakes fulfilled, connecting disparate blocks across a larger whole.

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

A little over 5 months ago, we launched our free and open code security product Bearer CLI to help teams identify both security and privacy risks in the earliest stages of the software development process. Please join us in celebrations, as today we are very excited to have achieved a key milestone in our journey - 100,000 code security scans!

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.