Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step forward in its mission to ensure user safety, security and data integrity. Recognizing the critical importance of robust API security in today’s digital age, Spoutible is excited to announce a strategic partnership with Wallarm, a leader in API and Application security.

All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess.

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital landscape has evolved into a behemoth of sorts as the number of online attacks targeting individuals, businesses, and governments has risen steadily.

Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few technologies, such as NG-WAF, RASP, WAAP, and a few others, have internal WAF capabilities, which prevent web applications and API threats.

Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to provide dynamic data storage capabilities and overall computing capabilities for more accurate and actionable insights.

Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive security measures to protect their digital assets. The NIST Cybersecurity Framework (CSF) 2.0 stands at the forefront of these efforts, offering a structured approach to managing cybersecurity risks.

Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for various locks in your life, such as those for your home, car, or even hotel rooms during vacations.

In our Annual API ThreatStats report, we highlighted the increasing threat of API Leaks. An API Leak is the disclosure of sensitive API information, such as a token, credential, or private schema. These leaks can occur directly via the API itself, but also via third party tools used to manage source code, such as Github or Postman. API Leaks came in at number 4 in our dynamic top 10 list of API Security issues.

Do you know what 23andMe, Jason's Deli, North Face, and Hot Topic have in common? They've all been breached by successful credential stuffing attacks in the last year! An attack type that has gained prominence in recent years is credential stuffing. In this blog, we will explore what credential stuffing is, discuss current approaches to mitigate this type of attack, and their weaknesses. Additionally, we'll share our insights on what needs to be.

On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue found in older versions, poses a serious risk as it allows attackers without any authentication, to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.