Bearer CLI's CI/CD integration with GitLab is a great way to add security scanning to your projects. We've taken things a step further and now support GitLab's SAST security scanner integration directly in GitLab CI for GitLab Ultimate users. This feature is available in Bearer CLI v1.9.0 and later. See our upgrade guide for your platform. Let’s dive into how it works.

It’s hard to be in the realm of technology and not hear about APIs these days. Whether it’s the launch of the ChatGPT API or news of a significant data breach at Twitter, APIs are having their time in the spotlight. Yet, despite their ubiquity, many still have questions about APIs' capabilities (and limitations). What are APIs for? What do they do? And what are they unable to do in the current era?

APIs power today’s digital economy and enable organizations to succeed in their business innovation efforts. Because every company’s APIs are unique, so are its security gaps, which bad actors will inevitably try to exploit. Only through rich context and deep behavioral analysis can these attackers be stopped. Many of the APIs that enable today’s applications and business services live and breathe within the Amazon Web Service (AWS) ecosystem.

The Open Web Application Security Project (OWASP) is a non-profit foundation devoted to web application security. One of OWASP's guiding principles is that all of their resources should be freely available and simple to find on their website, enabling anyone to increase the security of their own web applications. They provide forums, tools, videos, and documentation among other things.

APIs were already ubiquitous in driving modern applications. However, the pandemic has further accelerated growth in innovation and expansion of digital services, making APIs even more widespread. In today’s world, rapid innovation would not be possible without secure APIs. Attacks on APIs are increasing exponentially. Gartner suggests API abuses are the most significant attack vector since 2022. Hence securing APIs is more critical than ever in the past.

As part of Bearer CLI v1.9.0 release, we're thrilled to offer improved code scanning integration with GitHub for our open-source security scan. In this article, we'll briefly go over the format that makes this possible, how it works, and how you can start using it today.

The digital world has brought advancements in all sorts of life. The applications communicate with each other over the internet to deliver effective service. API is an application language that interacts with the application server to extract the client’s intended information and produce it readable. It is estimated that the global API market will reach about 13.7 billion US dollars by 2027. This user-friendly software makes the business organization widely adopt it to enhance their growth.

Since a lot of our customers build and run their applications in AWS, our partnership and joint solution delivery with AWS provides enormous value. We’re excited to share that we’ve deepened our ties to AWS in two compelling ways, by achieving AWS WAF Ready Status and earning AWS Security Competency. Salt is the first and only API security company in both of these vital AWS programs.

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

Security misconfigurations are very common security risks, not just in web applications but also in APIs. They have been consistently part of the OWASP Top 10 Web Application Vulnerabilities. They were part of the original OWASP Top 10 API Security Risks published in 2019 and have now made it to the updated 2023 list. Security misconfiguration maintains its 7th rank in OWASP Top 10 API 2023RC owing to its widespread prevalence, easy exploitability, and easy detectability.