API

API7:2019 Security Misconfiguration: The What, Sample Exploits, and Prevention Methods

May 29, 2023 By Indusface In Indusface

Security misconfigurations are very common security risks, not just in web applications but also in APIs. They have been consistently part of the OWASP Top 10 Web Application Vulnerabilities. They were part of the original OWASP Top 10 API Security Risks published in 2019 and have now made it to the updated 2023 list. Security misconfiguration maintains its 7th rank in OWASP Top 10 API 2023RC owing to its widespread prevalence, easy exploitability, and easy detectability.

Read Post

Indusface

Read more about API7:2019 Security Misconfiguration: The What, Sample Exploits, and Prevention Methods

Salt Wins UK Trophy for Best Cybersecurity Solution!

May 26, 2023 By Brett Robinson In Salt Security

We have smashing news to share! Salt Security has been named Cybersecurity Solution of the Year in the Prestigious National Technology Awards – our first award in the UK and a brilliant recognition! Organized by National Technology News, the National Technology Awards celebrate the pioneers of technology and encourage excellence, providing the most comprehensive celebration of technology of the year.

Read Post

Salt Security

Read more about Salt Wins UK Trophy for Best Cybersecurity Solution!

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

May 24, 2023 By Aviad Carmel In Salt Security

This post is the second in a series describing OAuth implementation issues that put companies at risk. We create these posts to share rich technical details, drawn from real-world use cases, to educate the broader industry on the nature of these errors, their potential impact, and how to avoid them to better protect API ecosystems.

Read Post

Salt Security

Read more about Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

Wallarm Demo: Shadow API Detection

May 24, 2023 By Wallarm In Wallarm

Learn how you can identify undocumented and unmanaged APIs in the Wallarm console with our new and improved Shadow API Detection capability.

View Video

Wallarm

API
Security

Read more about Wallarm Demo: Shadow API Detection

From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

May 23, 2023 By Tom Neaves In Trustwave

For those wondering what GraphQL is… “GraphQL is a query language for your API, and a server-side runtime for executing queries using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.”

Read Post

Trustwave

Read more about From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over

The implications of adding SAST to your CI/CD pipeline

May 18, 2023 By Mark Michon In Bearer

DevSecOps is all about better integrating security into the software development life cycle (SDLC). When combined with the desire to automate repetitive tasks, the inevitable conclusion is to put any repeatable testing tool into your app’s build pipeline. For any tooling that involves code analysis, it makes sense to sync up with existing testing workflows. That’s where CI comes in.

Read Post

Bearer

Read more about The implications of adding SAST to your CI/CD pipeline

API Security: Authorization, Rate Limiting, and Twelve Ways to Protect APIs

May 18, 2023 By Phani Deepak Akella In Indusface

41% of organizations suffered an API security incident, where a majority (63%) were data breaches. This is despite 90% of them using authentication policies in place, according to a survey by 451 Research. No surprises there, as authentication is just one piece of the API security puzzle. In this blog, we’ll cover the 12 methods that technology leaders need to incorporate to secure and protect APIs.

Read Post

Indusface

Read more about API Security: Authorization, Rate Limiting, and Twelve Ways to Protect APIs

Stopping API attacks with Salt Security and AWS WAF

May 18, 2023 By Salt Security In Salt Security

Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.

View Video

Salt Security

Read more about Stopping API attacks with Salt Security and AWS WAF

API5:2019 Broken Function Level Authorization: The What, Impact, Sample Exploit, and Prevention Methods

May 16, 2023 By Indusface In Indusface

APIs are great for accessing specific functions and features, but what happens when they allow unauthorized access? Imagine a social media platform where users can share posts. To enable users to access posts, the platform provides an API that allows GET requests to retrieve posts by specifying the user ID and post ID. GET/api/v2.1/user/1438/posts?id=40. The API will return the 40th post for user id 1438. As these are public forums, any user can submit GET requests to access posts.

Read Post

Indusface

Read more about API5:2019 Broken Function Level Authorization: The What, Impact, Sample Exploit, and Prevention Methods

DevSecOps lifecycle coverage with new Snyk and Dynatrace app

May 15, 2023 By Sarah Conway In Snyk

Balancing the volume of applications and the increased deployment frequency with the need for security is a struggle for both development and security teams. Recent research indicates that vulnerability management in modern software development has become more complex, with 69% of CISOs acknowledging this challenge. Consequently, many applications are not adequately covered by security scans.

Read Post