%term

Review API Scanning Prescan Results

Dec 22, 2021 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis prescan scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Prescan Results

Review API Scanning Results

Dec 22, 2021 By Veracode In Veracode

In this video, you will learn how to review Dynamic Analysis scan results for an API specification. After creating and submitting a Dynamic Analysis API specification scan, you can return to the list of Dynamic Analyses at any time to check for status updates and to view results. Please note, you must have the Creator, Reviewer, or Security Lead role to be able to view the results of a Dynamic Analysis, unless the results are linked to a Veracode application profile for which you have permission to view.

View Video

Veracode

Read more about Review API Scanning Results

The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

Dec 17, 2021 By Jared Carlson In Veracode

The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.

Read Post

Veracode

Read more about The Good, the Bad, and The Ugly: Understanding the API Security Top 10 List

Continuous REST API Testing With CI Fuzz

Dec 10, 2021 By Simon Resch In Code Intelligence

CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.

Read Post

Code Intelligence

Read more about Continuous REST API Testing With CI Fuzz

Why authorization and authentication are important to API security - and why they're not enough

Dec 2, 2021 By David Bisson In AT&T Cybersecurity

The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM.

Read Post

AT&T Cybersecurity

Read more about Why authorization and authentication are important to API security - and why they're not enough

Phishing operators abuse bank APIs to improve phishing TTPs

Dec 1, 2021 By Cyberint In Cyberint

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

Read Post

Cyberint

Read more about Phishing operators abuse bank APIs to improve phishing TTPs

Create an API Specification Scan

Nov 19, 2021 By Veracode In Veracode

Traditionally Veracode Dynamic Analysis has targeted applications with a Web user interface. But increasingly, web applications are composed of many small microservices, many of which have Representational State Transfer (REST) interfaces with which the UI layer communicates. With API scanning, you can now scan the APIs of your microservices earlier in the software development process, before they are integrated into a web application.

View Video

Veracode

Read more about Create an API Specification Scan

How and why we built Masked Email with JMAP - an open API standard

Nov 11, 2021 By Madeline Hanley In 1Password

Our core values as a company center around our users’ privacy, security, and satisfaction. While developing Masked Email – our integration with Fastmail that lets users create new, unique email addresses without ever leaving the sign-up page – we needed a technology that brought all three values together.

Read Post

1Password

Read more about How and why we built Masked Email with JMAP - an open API standard

Credenxia leaps into the future with Dock's API

Oct 19, 2021 By Dock

Preparing to move towards a decentralized solution for creating and managing employee credentials, Credenxia is working with Dock to build a Proof of Concept (PoC) application to create, issue, manage, and verify credentials instantly. This PoC is now complete!

Read Post

Read more about Credenxia leaps into the future with Dock's API

Kong Mesh and Styra DAS - securing modern cloud-native applications

Oct 5, 2021 By Kurt Roekle In Styra

Back at KubeCon North America 2017, many speakers declared that 2018 would be “The Year of the Service Mesh”. Just a year later, in the 2019 CNCF Survey1, it was reported that 18% of surveyed organizations were using a service mesh in production, and by 20202 (the most recent survey published at the time of this writing) that number rose to 27%.

Read Post