|
By Eric Schwake
We are excited to announce a significant Salt Security API Protection Platform upgrade. We have recently introduced a new detection feature targeting a prevalent yet often neglected vulnerability: open redirect attacks. This issue is so severe that it is highlighted in the OWASP Top 10 API Security Risks!
|
By Michael Callahan
Who doesn’t love a little glimpse into the future? For cybersecurity—and more specifically, API security - gazing into the magic crystal ball may not strictly be necessary. But there are definite trends that will evolve for 2025 and make API security even more of an imperative for modern businesses. Here are our top five.
|
By Michael Callahan
Zombie APIs, sometimes called “orphaned” or “forgotten” APIs, refer to endpoints that were initially deployed for a specific purpose but are no longer actively used or maintained. These APIs are often left operational within an organization’s infrastructure due to oversight or incomplete decommissioning processes.
|
By Eric Schwake
APIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape.
|
By Michael Callahan
In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like assuming a bouncer can stop someone sneaking in through a side door or an open window.
|
By Eric Schwake
Let’s be honest: APIs are the unsung heroes of the modern business world. They work silently behind the scenes, connecting applications, driving innovations, and ensuring your digital transformation stays on track. However, there’s a crucial downside: APIs can pose a significant security risk. They can be likened to unlocked doors leading to your sensitive data and essential business functions—an ideal target for hackers.
|
By Eric Schwake
Black Friday may be the pinnacle of the holiday shopping season, a day when online retailers experience unprecedented traffic and revenue opportunities as consumers kick off the Christmas season. For many retailers, it’s a make-or-break event. Yet, with increased traffic comes increased risk, particularly as it relates to cybersecurity and keeping shoppers safe from fraud stemming from a cyberattack on their favorite digital store.
|
By Eric Schwake
The transportation sector is undergoing a digital revolution, from railways to aviation and trucking. APIs are at the heart of this transformation, particularly for airlines. Airlines utilize APIs to integrate internal systems with vital services such as booking platforms, check-in services, real-time flight updates, communication with customs agencies, and baggage handling.
|
By Alexandria Nicosia
The retail industry’s digital transformation has made secure APIs essential to modern operations since they are at the core of this shift. APIs power everything from e-commerce platforms and mobile shopping apps to inventory management, point-of-sale systems, and personalized customer experiences. They help retailers stay agile in a fast-paced market by enabling seamless data exchange and streamlining processes.
|
By Eric Schwake
As organizations adopt more modern application strategies, APIs are increasingly important for enabling seamless communication and data exchange. However, this interconnectedness also introduces more significant security risks. APIs are gateways to sensitive information, making them prime targets for attackers. This can result in data breaches, business disruptions, and reputational damage.
|
By Salt Security
We're on the last leg of the customer journey in API Security in Episode Five of Founder's Corner! Listen in on Salt’s CEO, Roey Eliyahu, and CMO, Michael Callahan, as they dive deeper into Threat Protection.
|
By Salt Security
Continuing the API security journey with Episode 4 of Founder’s Corner! Join Salt’s CEO, Roey Eliyahu, and CMO, Michael Callahan, in their deep dive into the topic of Posture Governance. Be proactive in your API Security.
|
By Salt Security
Welcome to Episode Three of Salt Security’s Podcast Series: Founder’s Corner Salt’s CEO and Co-founder, Roey Eliyahu, talks with Salt’s CMO, Michael Callahan, about the first step of the customer journey in API Security: Discovery (also known as the crawl stage). They dive into topics around Discovery (as well as Salt’s phases of Discovery), Data Security, Shadow and Zombie APIs, GenAI, and how Salt is utilizing AI.
|
By Salt Security
Welcome to Episode Two of Salt Security’s Podcast Series: Founder’s Corner This episode features Salt's COO and Co-founder, Michael Nicosia, as he defines the main steps of the customer journey in API Security. Hosted by Salt’s CMO, Michael Callahan.
|
By Salt Security
The Salt 360 platform is the only Al-infused protection for the entire API lifecycle - from discovery to posture governance to threat.
|
By Salt Security
Welcome to Episode One of Salt Security’s New Series: Founder’s Corner This series will share insights and conversations from founders on markets, technology, trends, and other interesting topics of the day. Starting off the series with Salt’s Co-Founders, Roey Eliyahu and Michael Nicosia, as they talk about how they became founders, what inspired them to start Salt Security, where the name came from, and the future of API Security.
|
By Salt Security
Join Nick Rago (VP of Product Strategy at Salt Security) and Claudio Acquaviva (Software Architect of Kong Inc.) in this informative webinar (live April 11). They discuss what being API-first really means, the essentials to success, and walkthrough the lifecycle of an API from design to deployment and how combining Salt Security with Kong through that API lifecycle can help provide a risk-free API-first journey.
|
By Salt Security
As organizations increasingly embrace APIs, a new challenge has emerged - the complexity of managing, securing, and understanding the sprawling API landscape within an organization. To tackle these concerns head-on, Salt Security has pioneered the industry's first API posture governance engine and a suite of advanced capabilities designed to bring clarity, security, and efficiency to your API ecosystem.
|
By Salt Security
API attacks are on the rise, and WAFs and gateways cannot stop them. A few highlights from our latest Salt Labs report on API security: Download the report now to benchmark yourself and use the findings to improve API security for your company.
|
By Salt Security
API Security for Dummies walks you through how application architecture has evolved, why apps are built on APIs now, the security risk APIs present, and best practices for securing APIs. This eBook: Download this eBook to learn the most critical elements of API security and ten prioritized steps you can follow now to start securing APIs for your organization.
|
By Salt Security
Securing your APIs is no longer a luxury, but it shouldn't be viewed as just a necessary burden either. Protecting your APIs opens the door to real business value including: Download this eBook to explore the business results customers are uncovering as they embark on their API security journey and how to quantify the value of API security in your organization.
|
By Salt Security
API attacks include many of the tactics, techniques, and procedures (TTPs) identified in the MITRE ATT&CK framework. This white paper analyzes and maps three common API attack scenarios to the TTPs found in the MITRE Enterprise Matrix. By understanding how the MITRE ATT&CK TTPs relate to API security threats, security leaders can: Download now to learn how to defend against API attacks by leveraging this well-known security framework.
|
By Salt Security
API security has emerged as a key priority for protecting vital data and services. It's also an area where many companies lack expertise. Salt Security has compiled this list of API security best practices, drawn from field experience and customer feedback, to help guide you on your API security journey. These API security best practices fall into multiple focus areas, including: Download this guide to obtain a comprehensive list of best practices and guidance to secure your APIs throughout their lifecycle.
|
By Salt Security
With API attacks on the rise, and existing security technology proving to be ineffective at stopping API attacks, organizations need to take a new approach. API security offerings must provide a range of functionality to be useful to organizations, including: Download this white paper to improve awareness of what it takes to adequately secure APIs, how to evaluate a given API security offering, and what API security capabilities are necessary to protect your business.
- January 2025 (5)
- December 2024 (3)
- November 2024 (4)
- October 2024 (13)
- September 2024 (3)
- August 2024 (10)
- July 2024 (9)
- June 2024 (4)
- May 2024 (2)
- April 2024 (3)
- March 2024 (3)
- February 2024 (1)
- January 2024 (3)
- November 2023 (1)
- October 2023 (3)
- September 2023 (2)
- August 2023 (3)
- July 2023 (7)
- June 2023 (7)
- May 2023 (6)
- April 2023 (9)
- March 2023 (14)
- February 2023 (6)
- January 2023 (6)
- November 2022 (1)
- June 2022 (1)
- May 2022 (1)
- April 2022 (1)
The leading API security company, providing the context needed to discover APIs, stop attacks, and remediate vulnerabilities to accelerate business innovation.
By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights for API discovery, attack prevention, and shift-left practices. Deployed quickly and seamlessly integrated within existing systems, the Salt Security platform gives customers immediate value and protection, so they can innovate with confidence and accelerate their digital transformation initiatives.
Complete API security for complete protection:
- Discover all your APIs: Continuously inventory all your APIs, including shadow and zombie APIs.
- Prevent sensitive data exposure: Identify the APIs that are exposing PII or other sensitive data.
- Stop API attacks: Correlate activity to block attackers during reconnaissance.
- Prevent ATO, Data Exfiltration: Thwart credential stuffing, account takeover, and data theft attacks.
- “Shift left” with proactive API security Test APIs in pre-production to identify and eliminate vulnerabilities.
- Accelerate incident response: Reduce the time needed to understand and resolve incidents.
- Provide remediation insights: Share learnings from runtime analysis with dev teams to harden APIs.
- Simplify compliance: Tie your API and sensitive data discovery and vulnerability remediation into GRC workflows.
The rich API context you need for robust discovery, attack prevention, and shift left.