Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

To understand how the digital-first economy and global trends have impacted the role of the CISO, Salt partnered with the research firm Global Surveys to study 300 worldwide Chief Information Security Officers. This video highlights trends revealed by the survey including: These were just a few of the highlights from our recent state of the CISO survey. We encourage you to download the full report for even more great insights.

As APIs have become the backbone of modern applications, threat actors are increasingly targeting them. Whether it be to exfiltrate data, take control of critical systems, or disrupt key business services or digital supply chains, threat actors have taken notice—and they see APIs as a prosperous attack vector. In this video, you’ll gain valuable insights into API security and learn proactive measures to safeguard your APIs. By understanding the challenges posed by API attacks, you’ll understand the best strategies to protect your organization.

Salt Security protects the APIs that form the core of every modern application. Its patented API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices.

The 2023 OWASP API Security Top 10 list compiles and explains the most recent and pressing security threats facing today’s complex API ecosystem. As part of the committee that defined this industry-framing list, Salt gives you an insider view into the categories and how those embarking on their API security journey can most effectively address the critical vulnerabilities raised.

Every company’s APIs are unique and so are its security gaps. Bad actors will poke and prod to learn your APIs and find mistakes in business logic they can exploit. Catching these attacks requires context and deep behavioral analysis over time. With its recent AWS WAF Ready designation, Salt Security makes it easier and faster for businesses to protect the APIs running in their AWS environments. Salt provides the visibility, intelligence, and context over time to identify and block attacks using tools you already rely on such as Amazon API Gateway, AWS WAF, and other inline enforcement points.

Every company follows a unique path in adopting such critical and far-reaching security initiatives as API security. Nate Steinberg, Principal Information Security Specialist, shares how Amway approached building out its API security strategy. This on-demand fireside chat with Salt Security and Amway discusses.

Stephanie Best, Director of Product Marketing, and Yaniv Balmas, VP of Research at Salt Labs, discuss what you need to know about the new 2023 OWASP API Security Top 10 release candidate. As a member of the OWASP committee that helped shaped the latest report, Yaniv takes you behind the scenes to learn what changed, what stayed the same, and why these decisions were made.

APIs have emerged as the leading attack vector and attack surface most targeted by cybercriminals. That's why it's important to understand the tactics and techniques used by attackers while they're targeting APIs. In this video, we help you achieve this level of understanding by mapping the MITRE ATT&CK framework to API security attacks.

Several big-name API breaches have been in the news over the past few years, but API attacks happen every single day and typically don't make the headlines. Securing your APIs is no longer a luxury, but it’s also not just a burden. This short video shares how protecting your APIs opens the door to real business value.

This short video explains how Salt Labs researchers identified several critical security flaws on the popular travel site Booking.com. The flaws were found in the site's authentication functionality and could have allowed a malicious attacker to take over user accounts, access profile information, and take actions on behalf of the user such as booking or canceling reservations and ordering transportation services.