Securing modern-day production systems is complex and requires a variety of measures—from secure coding practices and security testing to network protection and vulnerability scanning. Scaling these solutions to keep pace with the speed of development teams can be difficult, resulting in sprawling workflows and disparate sets of tooling.

Application Programming Interfaces (APIs) are the connecting tissue that enables the communication between applications, internal and external, and facilitate data exchange on a massive scale. In a world where information is the crown jewel of an organization, APIs are driving the delivery of digital services to customers and partners. While their usage is already exploding, the growing popularity of cloud-native technologies and microservices has only accelerated API adoption.

With hundreds of contributors, the MITRE ATT&CK Framework has become a vital resource of open source knowledge for the security industry. CISOs and cybersecurity professionals around the globe rely on the framework to increase their understanding about different cyber-attack tactics, techniques and procedures (TTPs). With insights about TTPs relevant to their specific platform or environment, organizations gain tremendous value to combat cyber threats.

Fintech as a Service (FaaS) is a business model that enables companies to outsource financial technology (fintech) services to a third-party provider. This model provides companies with a more flexible and cost-effective way to access fintech services and improve their financial operations. Let’s explore the concept of Fintech as a Service and the impact of API solutions on Fintechs.

Confused about the difference between a web application firewall (WAF) and a web application and API protection platform (WAAP)? Curious how intelligent a next-gen “intelligent WAF” really is? Wondering whether you need dedicated API security if you have a WAAP? Can you really trust a WAAP to secure your critical data and services? In a session from the Salt Security API Security Summit, Mike Rothman, Techstrong Research, stated.

The OWASP API Top 10 is a list of common vulnerabilities found in APIs. OWASP created it as a resource for developers, testers, and security professionals to help them understand how to protect against API threats. Many people think that APIs are just another type of web application, but they're not; they have their own set of risks and challenges that need to be addressed. A simple API call can result in a data breach that could have lasting consequences for your business.

13M developers write 14K lines of code each per year, touching sensitive data 16,847,298 times per year. If you need to understand how important, but also how difficult, it is to pinpoint sensitive data risks in a modern application stack, that is the number to keep in mind. In an effort to better explain the urgency of data security, we went in search of tangible numbers and came up with those above. But, how did we end up with them? Let’s take a look.