The Inside Trace

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

tag

tag

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

Introducing Traceable Cloud WAAP, the first major innovation from the combined Harness and Traceable teams....
Company

April 24, 2025

The Practical Guide to Zero-Trust for APIs

The Practical Guide to Zero-Trust for APIs

Zero Trust APIs ensure security by treating all networks as compromised. Learn how to implement...
Traceable ASPEN

February 26, 2025

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs are a powerful tool for authentication, but improper implementation can expose applications to serious...
Traceable ASPEN

February 26, 2025

Announcing Traceable Bot Defense

Announcing Traceable Bot Defense

Introducing Traceable Bot Defense: Real-Time Protection Against Bot Attacks We’re excited to announce the launch...
Blog

February 25, 2025

The Journey Continues

The Journey Continues

...
Company

February 11, 2025

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

Harness and Traceable to merge to create a new leader in secure software delivery....
News

February 10, 2025

ALBeast: a simple misconfiguration to a complete authentication bypass

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication...
Traceable ASPEN
Security Research

December 19, 2024

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JSON Web Tokens (JWTs) offer stateless authentication in modern web applications, but improper implementation can...
Traceable ASPEN

December 12, 2024

The Authorization Maze

The Authorization Maze

This article delves deep into the complexities of authorization in API security, exploring why implementing...
Security Research
API-Security

Decoding ownCloud’s Vulnerabilities: The Hidden Flaws of API Trust

Decoding ownCloud’s Vulnerabilities: The Hidden Flaws of API Trust

An in-depth analysis of three critical vulnerabilities discovered in ownCloud's API infrastructure, exposing risks in...
Security Research
Traceable ASPEN

November 5, 2024

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Many organizations mistakenly believe that Web Application Firewalls (WAFs) or API gateways provide sufficient protection...
Foundations
API-Security
App Security

October 24, 2024

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Explore how criminals are exploiting selfie verification in Know Your Customer (KYC) processes for neobanks....
API-Security
Generative AI

October 14, 2024

API Security: The Risk Threatening Australian Businesses

API Security: The Risk Threatening Australian Businesses

Explore API security ownership in modern Australian enterprises, key stakeholders, and how regulations like APRA...
API-Security
API Security Ownership

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why “Check-the-Box” Solutions Are Insufficient for API Security...
Compliance
API-Security

September 27, 2024

Securing Third Party APIs is Critical for Modern Business

Securing Third Party APIs is Critical for Modern Business

Third-party APIs are essential but risky, posing threats like data breaches and service disruptions. Securing...
Blog
Foundations

September 20, 2024

Service Now RCE - The Three Keys to ServiceNow's Data Vault

Service Now RCE - The Three Keys to ServiceNow's Data Vault

Discover critical ServiceNow vulnerabilities (CVE-2024-4879, 5178, 5217) enabling remote code execution. Learn their impact &...
Security Research
Traceable ASPEN

September 3, 2024

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy

Learn how to secure generative AI in applications with a Crawl - Walk - Run...
Generative AI

September 6, 2024

Announcing Traceable API Inspector

Announcing Traceable API Inspector

Empowering API Security with Deep Inspection...
API Inspector
News
API-Security
Blog
Developer

Traceable API Security Platform Updates - June & July 2024

Traceable API Security Platform Updates - June & July 2024

Discover major improvements: enhanced data classification, UX updates for API catalog, AST changes, and a...
Releases

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

APIs are crucial for web apps but pose security risks. Traceable uncovered a critical flaw...
Traceable ASPEN
Security Research

August 19, 2024

Organizing API Security Around the NIST Framework

Organizing API Security Around the NIST Framework

Revolutionize your API security strategy with NIST Cybersecurity Framework 2.0. Enhance protection, detection, and incident...
API-Security
API Security Ownership

August 2, 2024

Navigating the Road to Automotive Security

Navigating the Road to Automotive Security

Traceable ASPEN's latest research highlights urgent automotive security needs, focusing on recent API vulnerabilities, real-time...
API-Security
Security Research
Traceable ASPEN

July 23, 2024

Who Owns API Security? Introducing the Key Players

Who Owns API Security? Introducing the Key Players

Explore key roles in API security and how collaboration among stakeholders like CISOs and product...
API Security Ownership

July 18, 2024

The Regulators Are Coming for Your Washing Machine App

The Regulators Are Coming for Your Washing Machine App

Discover how the PSTI Act 2022 and 2023 regulations shape IoT security, impacting manufacturers with...
Breach Analysis
Security Research

July 30, 2024

December Software Release

December Software Release

December was an extremely busy month for Traceable as we worked with customers to protect...
Releases

February 15, 2022

Traceable API Security Platform Updates - May 2024

Traceable API Security Platform Updates - May 2024

Traceable's May 2024 updates enhance API security with compliance policies, targeted testing filters, and improved...
Releases

June 20, 2024

API Security Masterclass Recap: Where Are All the APIs, Anyway?

API Security Masterclass Recap: Where Are All the APIs, Anyway?

Missed our API Security Masterclass? Catch key insights on API types, challenges, sprawl, vulnerabilities, and...
API-Security

February 29, 2024

How to Implement Zero Trust Security in your Applications: A Tutorial

How to Implement Zero Trust Security in your Applications: A Tutorial

Zero trust security is the best answer to modern security threats. Learn how to adopt...
API-Security

July 1, 2022

eBPF and API Security with Traceable

eBPF and API Security with Traceable

eBPF promises to radically advance what our infrastructure, application, and security tools will be able...
API-Security
Technology

July 15, 2022

How to Create Your First Next.js Serverless App

How to Create Your First Next.js Serverless App

This post will walk you through how to create a next js serverless app from...
API-Security

June 23, 2022

API Breaches: What Should I Know and How Can I Prevent Them?

API Breaches: What Should I Know and How Can I Prevent Them?

It's difficult to implement all the best practices for every possible attack vector, especially since...
API-Security

June 30, 2022

GraphQL Fragments: How to Simplify Your API Definitions

GraphQL Fragments: How to Simplify Your API Definitions

What are GraphQL Fragments? How can you take advantage if them to write cleaner code...
API-Security

May 11, 2022

How to Think About and Test API Latency

How to Think About and Test API Latency

In this post, we'll look at API latency including how you measure it, the difference...
API-Security

April 15, 2022

Deploying Serverless Applications: The What and How

Deploying Serverless Applications: The What and How

In this article, we'll discuss the benefits of serverless architectures and go through some of...
No items found.

April 15, 2022

How to Secure Microservices: The 6 Things You Can't Forget

How to Secure Microservices: The 6 Things You Can't Forget

Thinking about how to secure microservices? In this article you'll find 6 things you can't...
API-Security

April 1, 2022

March | Traceable AI Feature Release

March | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, local hosting for EU/Asia and support...
Releases

April 6, 2022

Monolithic vs. Microservices Architecture: Which Should I Use?

Monolithic vs. Microservices Architecture: Which Should I Use?

In this post we learn about monolithic vs microservices architectures and understand which to use...
No items found.

March 25, 2022

Serverless vs Containers: What's Right for Your Application?

Serverless vs Containers: What's Right for Your Application?

Serverless vs containers: Which one is right for your application? Learn more about these two...
API-Security

March 29, 2022

What is a CRUD API?

What is a CRUD API?

This post explains what a CRUD API is and how to apply it to different...
API-Security

March 28, 2022

How to Mitigate DDoS Attacks on Your APIs

How to Mitigate DDoS Attacks on Your APIs

Learn what DDoS is and what it can do to your API endpoints, how to...
API-Security

March 20, 2022

How to Filter Using GraphQL: A Simple Tutorial

How to Filter Using GraphQL: A Simple Tutorial

GraphQL offers a much more efficient, powerful alternative to REST...
No items found.

March 18, 2022

5 Best Threat Hunting Tools for Your Security Team

5 Best Threat Hunting Tools for Your Security Team

We now have advanced tools that can make threat hunting easier and more accessible. In...
API-Security

March 21, 2022

What Is Business Logic? The Inquisitive Reader's Guide

What Is Business Logic? The Inquisitive Reader's Guide

When you build application software and APIs, you'll often hear about "business logic." In this...
API Sprawl

March 16, 2022

A Beginner's Guide to API Governance

A Beginner's Guide to API Governance

API governance involves sticking to a set of principles when building an API. It's crucial...
API-Security

March 7, 2022

February | Traceable AI Feature Release

February | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, new support for AWS Lambda serverless...
Releases

March 18, 2022

How Can I Achieve API Compliance?

How Can I Achieve API Compliance?

The world of API compliance is more important than ever today. In this post, dig...
API-Security

March 14, 2022

What is Network Traffic Analysis?

What is Network Traffic Analysis?

Learn about Network Traffic Analysis, its importance and different strengths and weaknesses....
API-Security

March 15, 2022

4 API Security Best Practices

4 API Security Best Practices

API security is a fundamental part of web applications. It is a great tool to...
API-Security

March 13, 2022

How to Design Delightful API Architectures

How to Design Delightful API Architectures

delightful-api-architectures...
API-Security

March 8, 2022

Sensitive Data Exposure: Why It Hurts

Sensitive Data Exposure: Why It Hurts

It’s very important that we think about how not to expose sensitive data, and that’s...
API-Security

March 7, 2022

3 API Vulnerabilities to Look Out For

3 API Vulnerabilities to Look Out For

Every week, new API vulnerabilities are open to attackers. API security is essential, especially for...
API-Security

March 2, 2022

What Is API Ownership and How Can It Help Your Team?

What Is API Ownership and How Can It Help Your Team?

A guide about API ownership for leadership, senior engineers, security experts, and product managers to...
API-Security

March 6, 2022

Microservice Security Principles and Best Practices

Microservice Security Principles and Best Practices

In this post, you'll learn about the most important microservices security principles and some best...
API-Security

March 2, 2022

Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough

Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough

Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security...
API-Security
App Security

May 12, 2021

Traceable Defense AI M8 Released

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions,...
Releases

April 11, 2021

AWS WAF and CloudFront: How to Use Them Together

AWS WAF and CloudFront: How to Use Them Together

Security is crucial, as exposing user data is devastating. While often overlooked, AWS CloudFront and...
API-Security
Cloud Native
Developer
Technology

September 16, 2021

API Security Trends in the Financial Sector: A CISO's Perspective

API Security Trends in the Financial Sector: A CISO's Perspective

Former CISO Richard Bird shares API security trends in finance, spotlighting insights from Traceable's "State...
State of API Security

June 12, 2024

Critical PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Critical PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

This flaw, affecting PHP on Windows, exploits a Unicode processing issue, enabling attackers to inject...
Traceable ASPEN

June 12, 2024

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Improve threat detection with Traceable and Wiz integration, bringing together API and cloud security for...
Cloud Native
Releases

June 6, 2024

Lessons in Securing Mobility Site Management APIs

Lessons in Securing Mobility Site Management APIs

Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the...
Security Research
Traceable ASPEN

May 16, 2024

Traceable Co-founder Reveals Key Drivers Behind the Company's Rapid Growth

Traceable Co-founder Reveals Key Drivers Behind the Company's Rapid Growth

Traceable co-founder and CTO Sanjay Nagaraj provided a deep dive into the factors fueling the...
Company
Generative AI
News

June 11, 2024

The State of API Security at RSA 2024: Alarming Trends and Insights

The State of API Security at RSA 2024: Alarming Trends and Insights

Explore the RSA Conference 2024 survey findings on API security challenges and the urgent need...
State of API Security

June 3, 2024

Traceable API Security Platform Updates - April 2024

Traceable API Security Platform Updates - April 2024

Explore Traceable's April 2024 updates on API security, featuring Generative AI protection, advanced DAST for...
Releases

May 10, 2024

How API Flaws Allowed Students to do their Laundry for Free

How API Flaws Allowed Students to do their Laundry for Free

Smart appliances offer convenience, but security flaws in CSC ServiceWorks' laundry system allowed free cycles,...
Breach Analysis
Security Research
Traceable ASPEN

May 30, 2024

The Confluence Of Fraud Prevention and AppSec Through API Security

The Confluence Of Fraud Prevention and AppSec Through API Security

APIs drive data exchange but attract fraud. Discover how API security platforms detect and prevent...
Fraud

May 22, 2024

API Security Masterclass Recap: Your Guide to the OWASP API Top 10

API Security Masterclass Recap: Your Guide to the OWASP API Top 10

Missed the live API security masterclass webinar? Don't worry! Our blog recap covers the OWASP...
Foundations

April 30, 2024

Understanding CVE-2024-3400 in PAN-OS GlobalProtect

Understanding CVE-2024-3400 in PAN-OS GlobalProtect

CVE-2024-3400 targets Palo Alto GlobalProtect, allowing attackers to write arbitrary files and execute system commands....
Breach Analysis
Security Research
Traceable ASPEN

April 23, 2024

API Security: What Every Developer Needs to Know

API Security: What Every Developer Needs to Know

APIs are the backbone of modern apps. Learn crucial API security principles to defend against...
API-Security
Developer
Foundations

April 19, 2024

API Summit 2024: Security Challenges, AI, and What's Next

API Summit 2024: Security Challenges, AI, and What's Next

API security isn't always top of mind. Here's what I learned about the challenges and...
API-Security
Developer
News

March 28, 2024

To Secure Generative AI Applications, Start with Your APIs

To Secure Generative AI Applications, Start with Your APIs

Learn how API security can mitigate risks like prompt injection, sensitive data disclosure, and insecure...
Generative AI
LLM

March 27, 2024

Traceable API Security Platform Updates - March 2024

Traceable API Security Platform Updates - March 2024

Traceable's March 2024 release enhances API security with advanced analytics, protection against GraphQL introspection &...
Releases

April 10, 2024

Context-Aware Security: Key Driver for Enhancing API Security in 2024

Context-Aware Security: Key Driver for Enhancing API Security in 2024

APIs and API security are evolving. Context-aware security analyzes user behavior, data sensitivity, and environment...
API-Security
Generative AI

March 17, 2024

Data Poisoning LLM: How API Vulnerabilities Compromise LLM Data Integrity

Data Poisoning LLM: How API Vulnerabilities Compromise LLM Data Integrity

Data poisoning threatens LLMs as attackers exploit API weaknesses to corrupt AI data. Learn about...
API-Security
Generative AI

March 16, 2024

Traceable API Security Platform Updates - February 2024

Traceable API Security Platform Updates - February 2024

February's releases bring security analytics, session attribution enhancements, data flow visualization, and new platform agent...
Releases

March 7, 2024

Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here

Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here

APIs drive digital innovation but face rising threats. Explore shocking API breach stats from Traceable's...
API-Security
State of API Security

March 16, 2024

Navigating the Maze: Understanding API Sprawl and Its Implications

Navigating the Maze: Understanding API Sprawl and Its Implications

API sprawl hinders the efficiency and security of modern digital ecosystems. Explore the causes of...
API Sprawl
Blog

March 25, 2024

Weekly Cybersecurity Roundup: Week of March 15, 2024

Weekly Cybersecurity Roundup: Week of March 15, 2024

Cybersecurity news reveals: API vulnerabilities in healthcare AI, massive credential leaks, and the importance of...
News

March 17, 2024

Traceable ASPEN: Leading the Charge in API Security Research

Traceable ASPEN: Leading the Charge in API Security Research

Discover Traceable ASPEN, a dedicated team revolutionizing API security through research on API sprawl, vulnerabilities,...
Traceable ASPEN

February 29, 2024

PCI-DSS 4.0 Simplified with Traceable

PCI-DSS 4.0 Simplified with Traceable

Explore simplified PCI-DSS 4.0 compliance strategies designed to enhance data protection. Elevate security measures effortlessly....
API-Security
PCI DSS Compliance

February 14, 2024

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

A critical SSO vulnerability in a Fortune 500 app risks millions of records. Learn about...
Security Research
Traceable ASPEN

March 5, 2024

Don't Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs

Don't Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs

Explore the complexities of API sprawl and its impact on organizational security in this insightful...
API-Security

February 14, 2024

Traceable API Security Platform Updates - January 2024

Traceable API Security Platform Updates - January 2024

Discover Traceable's updates: API Security Testing, advanced analytics, and top tool integrations for ultimate API...
Company
Releases

February 7, 2024

Unlocking the Power of eBPF at Traceable

Unlocking the Power of eBPF at Traceable

Discover how eBPF's kernel-level operation enables efficient data collection and analysis, making it an essential...
API-Security

January 11, 2024

Open API Security Explained: Impact on Business and Technology

Open API Security Explained: Impact on Business and Technology

Explore "Open APIs Explained" to learn how Open APIs drive innovation in business and technology....
API-Security
State of API Security

January 27, 2024

Navigating the Aftermath of the "Mother of All Breaches"

Navigating the Aftermath of the "Mother of All Breaches"

During Data Privacy Week, the "Mother of All Breaches" exposes 26 billion records, emphasizing the...
API-Security
Breach Analysis

January 26, 2024

The Biggest Data Breaches Aren’t Even Breaches Anymore: The Rise of the Scraped Data Breach

The Biggest Data Breaches Aren’t Even Breaches Anymore: The Rise of the Scraped Data Breach

Explore the shift to scraped data breaches, data scraping challenges, and the importance of early...
Breach Analysis

January 24, 2024

Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Master E-commerce API security this holiday season with tips to detect and prevent vulnerabilities using...
Breach Analysis
Foundations

December 13, 2023

Traceable API Security Platform Updates - November 2023

Traceable API Security Platform Updates - November 2023

Discover the November 2023 updates enhancing analytics queries, threat detection, WAF integrations, and out-of-band data...
Releases

December 7, 2023

2023 API Security Trends: Insights, Risks, and Strategies

2023 API Security Trends: Insights, Risks, and Strategies

Explore API security essentials from Traceable's 2023 report, featuring insights on vulnerabilities, breaches, and effective...
State of API Security

December 7, 2023

Apache Struts Strikes Again! From Path Traversal to Remote Code Execution

Apache Struts Strikes Again! From Path Traversal to Remote Code Execution

Insights into Apache Struts vulnerability CVE-2023-50164 in our blog by Soujanya Namburi. Learn why it's...
Security Research

January 10, 2024

Agentless API Security in Google Cloud

Agentless API Security in Google Cloud

Traceable integrates with Google Cloud load balancers for agentless API security, enhancing protection for all...
API-Security
Cloud Native

November 18, 2023

Dizzy Keys: Why API Key Rotation Matters

Dizzy Keys: Why API Key Rotation Matters

Learn essential API key security, management, and rotation to safeguard against threats. A must-read for...
API-Security
Foundations

December 5, 2023

API Security Strategies for E-Commerce Platforms

API Security Strategies for E-Commerce Platforms

Discover essential ecommerce security strategies to tackle vulnerabilities, brute force attacks, and more. Learn how...
API-Security
Foundations

November 21, 2023

Traceable API Security Platform Updates - October 2023

Traceable API Security Platform Updates - October 2023

Discover October's exciting Traceable releases, featuring deep visibility into gRPC calls, enhanced event tracking, and...
Releases

November 8, 2023

Open Banking API Security: Financial Data Sharing & Role of Open APIs

Open Banking API Security: Financial Data Sharing & Role of Open APIs

Discover the U.S. open banking revolution: its global impact, the Open Banking Rule, CFPB's draft,...
API-Security
News

October 23, 2023

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Broken Object Level Authorization (BOLA) remains a critical vulnerability in API security, highlighted in the...
Foundations

November 14, 2023

Traceable API Security Platform Updates - September 2023

Traceable API Security Platform Updates - September 2023

In September, Traceable AI simplified API testing, added threat analysis tools for hunting, and improved...
Releases

October 4, 2023

How Traceable Aligns to Forrester's Eight Components of API Security

How Traceable Aligns to Forrester's Eight Components of API Security

Discover how Traceable aligns with Forrester's API security report, tackling challenges and offering solutions for...
API-Security

October 18, 2023

President Biden's Executive Order on Artificial Intelligence: A Cybersecurity Perspective

President Biden's Executive Order on Artificial Intelligence: A Cybersecurity Perspective

Discover how APIs support President Biden's AI Executive Order, enhancing interoperability, scalability, and security for...
API-Security
Generative AI
News

October 30, 2023

No Results Found

Compliance
API Inspector
API Security Ownership
Blog
Technology
PCI DSS Compliance
Observability
LLM
Foundations
Developer
API Sprawl
Fraud
Security Research
Breach Analysis
News
Generative AI
Company
Traceable ASPEN
State of API Security
Releases
App Security
API-Security
Cloud Native

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

Introducing Traceable Cloud WAAP, the first major innovation from the combined Harness and Traceable teams. Purpose-built for modern, API-driven applications, this unified solution provides deep, context-aware protection across your web applications and APIs—wherever they run. It redefines cloud-native security with integrated capabilities in API security, bot mitigation, DDoS defense, and web app protection.

April 24, 2025

Announcing Traceable Bot Defense

Introducing Traceable Bot Defense: Real-Time Protection Against Bot Attacks We’re excited to announce the launch...

February 25, 2025

The Journey Continues

...

February 11, 2025

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

Harness and Traceable to merge to create a new leader in secure software delivery....

February 10, 2025

Recent Posts

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

April 24, 2025

The Practical Guide to Zero-Trust for APIs

February 26, 2025

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

February 26, 2025

Announcing Traceable Bot Defense

February 25, 2025

The Journey Continues

February 11, 2025

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

February 10, 2025

API Security

View All Blogs
arrow

The Authorization Maze

This article delves deep into the complexities of authorization in API security, exploring why implementing robust access controls is far more challenging than many engineers realize. Through real-world examples from companies like Airbnb and Uber, the author breaks down different types of authorization vulnerabilities (BOLA, BOPLA, BFLA) and explains the nuanced challenges of creating dynamic, context-aware access policies.

API Security: The Risk Threatening Australian Businesses

Explore API security ownership in modern Australian enterprises, key stakeholders, and how regulations like APRA and SOCI shape security practices and governance.

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why “Check-the-Box” Solutions Are Insufficient for API Security

September 27, 2024

Organizing API Security Around the NIST Framework

Revolutionize your API security strategy with NIST Cybersecurity Framework 2.0. Enhance protection, detection, and incident response.

August 2, 2024

Traceable ASPEN

View All Blogs
arrow

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.

December 19, 2024

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.

December 19, 2024

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JSON Web Tokens (JWTs) offer stateless authentication in modern web applications, but improper implementation can expose critical vulnerabilities. This analysis explores attack vectors across JWT components, revealing how small oversights can lead to significant security breaches like privilege escalation and unauthorized access.

December 12, 2024

The Practical Guide to Zero-Trust for APIs

Zero Trust APIs ensure security by treating all networks as compromised. Learn how to implement authentication, access control, and policies to protect APIs against threats while maintaining seamless operations.

February 26, 2025

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs are a powerful tool for authentication, but improper implementation can expose applications to serious security risks. Learn how attackers exploit JWT vulnerabilities and how to defend against them.

February 26, 2025

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.

December 19, 2024

Product Updates

View All Blogs
arrow

Traceable API Security Platform Updates - June & July 2024

Discover major improvements: enhanced data classification, UX updates for API catalog, AST changes, and a...

December Software Release

December was an extremely busy month for Traceable as we worked with customers to protect...

February 15, 2022

Traceable API Security Platform Updates - May 2024

Traceable's May 2024 updates enhance API security with compliance policies, targeted testing filters, and improved...

June 20, 2024

March | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, local hosting for EU/Asia and support...

April 6, 2022

February | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, new support for AWS Lambda serverless...

March 18, 2022

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions,...

April 11, 2021

The Inside Trace

Subscribe for expert insights on application security.

Thanks! Your subscription has been recorded.

or subscribe to our RSS Feed

WHY TRACEABLE
Why TraceableOur CustomersIn the NewsRequest DemoCompare Traceable
PLATFORM
Application Discovery & Risk AssessmentApplication Security TestingApplication Runtime Protection
USE CASES
API DiscoveryShift Left SecuritySensitive Data ExfiltrationAccount TakeoverBot MitigationIncident ResponseData Privacy and Compliance
RESOURCES
OverviewRelated API Resources BlogWebinarsCustomer Peer ReviewsCase StudiesWhite PaperDatasheetsLearning CenterCustomer Success & Support
COMPANY
Sign In About TraceableCareersPressPress KitCustomer SupportSecurity and ComplianceLegalPrivacy Policy
© 2025 Harness Inc.
Subscription TermsWebsite Terms of UsePrivacy Statement
Opt Out
Do Not Sell / Share My Personal Information
Cookie Settings
© 2024 Harness Inc.