The OWASP API project has recently decided to refresh the popular API Security Top 10 threat map. The team at Salt Security has always been actively involved in this project, having been a key contributor to the initial creation of the list. And we continue to be deeply involved in the thinking process, data gathering, and brainstorming in updating it. As of the writing of this post, the final version of API Security Top 10 2023 has not been officially released.

It’s our own version of the triple crown! Salt Security has won gold in not one, not two, but three categories in the 2023 Cybersecurity Excellence Awards! It’s like being at the Oscars and winning Best Picture, Best Actor, and Best Director! Check out our award announcement! This year, Salt won highest honors for: Being recognized as the top solution for API security means a lot to our team.

For the last two years, we’ve been quietly building a new kind of static application security testing (SAST) solution that allows security and engineering teams to assess, prioritize, and remediate security risks and vulnerabilities in their code by what matters most - sensitive data. Today, we are officially announcing its release as an Open Source project, Bearer.

Overall, while API email security services can provide a valuable layer of protection against email-based threats, they are not foolproof and can have limitations and weaknesses. It is important to consider these weaknesses when selecting and configuring an API email security service.

API attacks have dominated the cybersecurity news cycle lately. In early 2023, T-Mobile made news for an API-based breach of 37 million PII records of its past and present customers. And last year, Optus, a major telecommunications company in Australia, experienced an API security incident that exposed around 10 million customer records. And API attacks that aren't quite as ”newsworthy” happen every single day.

Is your security tool an island? Does it do its singular task with little more to offer than what it says on the package? Too many security offerings behave as singular entities, forcing you to constantly perform task switching to complete a job. If you are using a robust tool, then you may not be taking full advantage of its capabilities. Many capabilities of a good tool can be broadened with the use of an Application Programming Interface (API)