When people talk about complex, interconnected ecosystems, they’re really talking about how applications share data and communicate with each other. Like the air-lock on a spaceship lets people pass between physical environments, Application Programming Interfaces (APIs) enable data to pass between digital environments. However, since APIs act as access points between applications, they create potential security risks.

Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was working as designed.

We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days.

The neon lights of Black Hat and DEF CON, with their flashing demos and groundbreaking presentations, often dazzle attendees and cyber enthusiasts alike. From AI-driven hacking tools to quantum encryption, the subjects covered span a vast spectrum. However, as with any vibrant city, these include areas of risk and concern. For Black Hat 2023 events, APIs are core to these areas.

Businesses of all sizes are increasingly relying on APIs to connect with their customers, partners, and other systems. APIs, or application programming interfaces, are the building blocks of the modern web, and they allow businesses to share data and functionality in a secure and efficient way. Without APIs, businesses are limited in their ability to innovate and grow. They lack the ability to integrate with other systems, create new products and services, or reach new markets.

What does a good DevSecOps pipeline should look like from a code security perspective? We hear this question often, and even though there are multiple answers, we’ve put together a blueprint that everybody could easily start with.

It never gets old! We’re excited to share that Salt has won yet another award — our 15th award this year! This time, we have been named the “Best API Security Solution” in the renowned 2023 SC Awards. The SC Awards are cybersecurity’s most prestigious and competitive honor. The premier recognition program honors outstanding innovations, organizations and leaders that are advancing the practice of information security.