Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API

Snyk

How to make a mock API server in JavaScript

Oct 20, 2022 By Brian Clark In Snyk

Developing and testing a frontend feature can be difficult, especially when the backend it depends on is not ready. This dependency on a backend API often slows down the development process. In scenarios like this, developing a mock API can save you a lot of time by allowing you to develop your feature independent of the backend, and make it easier to test and identify scenarios where your API might fail before it is ready.

Read Post

Rubrik and GraphQL - Episode 6 - Using the Rubrik API Code Capture Extension

Oct 20, 2022 By Rubrik In Rubrik
Now that we understand how to form and execute our GraphQL calls, many have reached out asking how to automate certain tasks that are performed within the Rubrik Security Cloud UI. In this episode, I'll introduce you to the Rubrik API Code Capture extension for Chrome. If you know how to accomplish something within the UI, the Code Capture extension will show you the exact API call you need, including the query name and formation of the payload that you are sending! It's super easy to use and can save you a ton of time digging through documentation!
View Video
detectify

Proactively reduce risks with Attack Surface Custom Policies

Oct 18, 2022 By Detectify In Detectify

If you’re responsible for security, then you know how useful it is to have clearly-defined security policies that are simple to implement, scale, and verify. Product and AppSec teams know that great security policies empower teams to work autonomously so that work moves forward as it should. However, validating that your security policies are actually implemented is difficult.

Read Post
appsentinels

Learnings from the Optus Breach

Oct 13, 2022 By AppSentinels In AppSentinels
Before we delve into the reasons behind Optus breach, let’s see the chronology of events. According to various reports, Optus customer data was accessed via an API interface that was not secure. Apart from unauthenticated API, there was another serious issue related to easily enumerated ID’s (identifiers). These are foundational controls that were found lacking in the API implementation..
Read Post
code intelligence

The 6 Biggest Challenges of REST API Testing

Oct 6, 2022 By Daniel Teuchert In Code Intelligence

Securing REST APIs is particularly difficult since they are highly interconnected and not designed for manual access. To save time and be more efficient, many developers rely on testing solutions that can automatically detect REST API endpoints and test parameter properties within them. In this article, I want to provide an overview of the 6 biggest challenges of REST API security testing and how test automation can help resolve them.

Read Post
tripwire

What to Know about APIs, the "On-Ramps to the Digital World"

Oct 4, 2022 By Tripwire Guest Authors In Tripwire

An application programming interface, or API, is a defined process that allows data to be shared between applications or programs. Each API consists of a set of rules that dictates how communication occurs between a client and a server or external program. The required request format, the authentication process, and the encryption of data all have set guidelines so that the API knows what information to share and when and how to share it.

Read Post
indusface

How to Use MITRE ATT&CK to Mitigate API & Other Attacks?

Sep 29, 2022 By Indusface In Indusface

With a threat landscape expanding at an accelerated pace, it is next to impossible for any organization to even keep track of and monitor the volume, frequency, complexity, and breadth of the attack techniques and tactics out there. But to effectively tackle threats and protect mission-critical assets, the knowledge of these common attack techniques, tactics, detection, and mitigation is critical. This is where MITRE ATT&CK is especially useful.

Read Post
synopsys

Secure cloud-native apps and APIs at the speed your business demands

Sep 27, 2022 By Kimm Yeo In Synopsys
Securing cloud-native apps require advanced tooling. Learn why Synopsys earned the highest score for the cloud-native app use case in Gartner’s latest report. The cloud-native development model entered the mainstream in the recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend.
Read Post
armo

CVE-2022-3172 - kube-apiserver can allow an aggregated API server to redirect client traffic to any URL

Sep 19, 2022 By Ben Hirschberg In ARMO
A new vulnerability was reported on Sep 16th in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. As a result, the client may perform unexpected actions and share the API server credentials with third parties. The aggregated API server extension in Kubernetes API server enables users to extend API server with alternative objects and paths.
Read Post
teleport

Directory Sharing in a Web-Based RDP Client Using the File System Access API

Sep 19, 2022 By Isaiah Becker-Mayer In Teleport

Remote Desktop Protocol (RDP) is a protocol developed by Microsoft which at its core is designed to give users a graphical interface to a remote Windows computer over a network connection. The remote Windows machine runs an RDP server, while the local computer accessing it runs an RDP client. Windows comes bundled with Microsoft's Remote Desktop Connection to easily access Windows hosts over RDP.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.