Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Businesses of all sizes are increasingly relying on APIs to connect with their customers, partners, and other systems. APIs, or application programming interfaces, are the building blocks of the modern web, and they allow businesses to share data and functionality in a secure and efficient way. Without APIs, businesses are limited in their ability to innovate and grow. They lack the ability to integrate with other systems, create new products and services, or reach new markets.

It never gets old! We’re excited to share that Salt has won yet another award — our 15th award this year! This time, we have been named the “Best API Security Solution” in the renowned 2023 SC Awards. The SC Awards are cybersecurity’s most prestigious and competitive honor. The premier recognition program honors outstanding innovations, organizations and leaders that are advancing the practice of information security.

The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio.

Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.

We recently hosted a compact and very engaging panel discussion about the new SEC Cyber Incident Reporting Rules due to come into effect later this year. We were fortunate to be joined by two well-known experts: In the post, we will *not* rehash what was said in the panel discussion. If you did not get to attend the live session, we invite you watch it on-demand – it’s 30 minutes well spent!

Creating a Software Bill of Materials (SBOM) is crucial to software supply chain security management. It helps fortify your software supply chain and reduces the likeliness of your software being exploited. But did you know there's a way to enhance your software's security further? Well, that's when API inventory comes into the picture. Including API inventory in your SBOM can make your software solution more resilient to cyberattacks.

APIs, formally known as application programming interfaces, occupy a significant position in modern software development. They revolutionized how web applications work by facilitating applications, containers, and microservices to exchange data and information smoothly. Developers can link APIs with multiple software or other internal systems that help businesses to interact with their clients and make informed decisions.

Many API-related breaches do not result from sophisticated attackers or diligent security researchers but stem from improper API design and implementation. Recent incidents at Clubhouse, John Deere, and Experian serve as examples, highlighting the consequences of neglecting basic API security practices. To safeguard against security risks, comprehensive API security testing becomes essential, ensuring APIs align with published specifications and are resilient to malicious inputs and attacks.

In an ideal world, security incidents result in minimal damage, and we can learn from them to improve our future defenses. Fortunately, such appears to be the case with JumpCloud. According to JumpCloud’s blog post, its recent security incident impacted fewer than 5 JumpCloud customers and fewer than 10 devices. Moreover, working together with their incident response (IR) partner Crowdstrike (also a Salt Security partner), JumpCloud has mitigated the attack vector used by the threat actor.