%term

2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Sep 9, 2023 By Wallarm In Wallarm

Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API7:2023 Server Side Request Forgery (SSRF). In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API7:2023 Server Side Request Forgery

Pythons and Birds: Duolingo and Telegram Hacked?

Sep 6, 2023 By Cato Networks In Cato Networks

In this week's episode, Bill and Robin explore the dangers of programmatic interfaces! The language-learning website, Duolingo, has fallen victim to an API exploit which has exposed 2.6 million user accounts, and there's threat actors on the dark web who are using Python to subversively change messages in Telegram threads. What's happening in the world, why should you care, and how can you stay protected?

View Video

Cato Networks

Read more about Pythons and Birds: Duolingo and Telegram Hacked?

2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Sep 2, 2023 By Wallarm In Wallarm

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

What You Need to know about API security

Aug 31, 2023 By Jeff Darrington In Graylog

When people talk about complex, interconnected ecosystems, they’re really talking about how applications share data and communicate with each other. Like the air-lock on a spaceship lets people pass between physical environments, Application Programming Interfaces (APIs) enable data to pass between digital environments. However, since APIs act as access points between applications, they create potential security risks.

Read Post

Graylog

Read more about What You Need to know about API security

2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization

Aug 26, 2023 By Wallarm In Wallarm

Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

Read Post

Wallarm

Read more about 2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization

API Abuse - Lessons from the Duolingo Data Scraping Attack

Aug 25, 2023 By Wallarm In Wallarm

It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was working as designed.

Read Post

Wallarm

Read more about API Abuse - Lessons from the Duolingo Data Scraping Attack

API Security Fundamentals

Aug 24, 2023 By Indusface In Indusface

API attacks have risen 400% in the last six months, as per Security Boulevard. This has caused 59% of organizations to delay the release of new applications due to concerns about API security. As industries look to integrate with third-party software more often to improve their business operations, the security of OpenAPIs has become critical.

View Video

Indusface

API
Security

Read more about API Security Fundamentals

Understanding API Attacks: Why they are different and how to stop them

Aug 24, 2023 By Salt Security In Salt Security

API attacks aren’t like traditional application attacks. Understanding those differences is crucial to protecting the valuable data and services your APIs enable. Nick Rago, Salt Security Field CTO, discusses in this webinar: We hope you enjoy the webinar on the changing nature of API attacks and learn the best practices to keep your organization safe.

View Video

Salt Security

Read more about Understanding API Attacks: Why they are different and how to stop them

Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements

Aug 24, 2023 By Wallarm In Wallarm

We recently discussed the new SEC rule requiring all registered companies to report material cyber incidents within four (4) days.

Read Post

Wallarm

Read more about Act Now to Prepare for New NCUA Cyber Incident Reporting Requirements

In the Alleys of Black Hat and DEF CON 2023: The Quiet API Security Crisis

Aug 23, 2023 By Salt Technical Engineering In Salt Security

The neon lights of Black Hat and DEF CON, with their flashing demos and groundbreaking presentations, often dazzle attendees and cyber enthusiasts alike. From AI-driven hacking tools to quantum encryption, the subjects covered span a vast spectrum. However, as with any vibrant city, these include areas of risk and concern. For Black Hat 2023 events, APIs are core to these areas.

Read Post