Subscribe for expert insights to protect your applications.
Teams need to address three core elements to develop an effective yet scalable model for API security.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.
Shadow APIs lurk outside the sight of normal IT governance processes. The problem: Attackers can use them to access data and applications.
Traceable was just named winner of the 2021 Fortress Cyber Security Award for application security. As CTO and co-founder, here's my thoughts on this.
The president of the United States signed an Executive Order on improving the Nation’s Cybersecurity. It covers many things, one of which is zero trust architecture. What does this mean?
Like the undead, deprecated APIs can lurk hidden in the background until an attacker gives them new life. The fix? A proper funeral.
Traceable was just named winner of the Global InfoSec Awards for Next-Gen in Cybersecurity Artificial Intelligence during RSA Conference 2021. As CEO and co-founder, here's my thoughts on this.
Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
Runtime Application Security-Protection tools have evolved from standalone technology to essential components guarding web applications. But they are falling short. What's needed next?
What's the difference between a WAF and an NGWAF? Does it matter? Enterprises need to look beyond Web Application Firewalls to protect against API vulnerabilities
This blog about why my career transition to Traceable has taken longer than expected. My new job in this dynamic company has kept me very busy — in a good way.
What cloud application security options are available to protect personal data in the API economy?
When a security expert tested several dozen mobile health applications, all had API vulnerabilities that could leak personal information. This should be a warning call.
We're living in a world of continuous change, which makes it hard to manage APIs. Read this guide to API security challenges and how to fix them.
Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.
Everything You Need to Know About Authentication and Authorization in Web APIs - Part 2. In this post, we’ll cover examples of real-world API vulnerabilities and look through the examples to understand how attackers could breach your defenses.
Part 1: Technologies used to create web applications have fundamentally changed. Authentication and authorization techniques must change with them.
Traditional web security was relatively easy: defend the web application like it was the Queen’s castle. With the rise of microservices, however, application security must be smarter.
As microservices grow in popularity, they present attackers with more opportunities for API attacks. These new security approaches can help.
Code scanning performed by Static Application Security Testing tools helps developers find vulnerabilities even as they write code, but at a cost.
Think of the OWASP API Top 10 as a checklist of vulnerabilities that bad actors can use to breach your system. Here’s how to be confident in your application security.
Traceable Defense AI M8 release includes: easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions, improved UX around threat hunting, ability to isolate per environment
The shift to microservices requires new ways to anticipate, plan, and protect web applications. Here are 6 key things to consider when thinking about the transition.
OWASP has been the face of web application security for almost 20 years. They’ve worked tirelessly to increase the security of the web. One of the most widely known contributions to the industry is the OWASP Top 10 List.
Web Application Security is security for web apps, right? As with many technical topics, there are plenty of rabbit holes to dive into when discussing web application security, but let’s focus on the critical questions many have about it.
Lacking the power of AI and machine learning, common security technologies miss API attacks by not seeing the broader business context. Here’s what happened at Shopify.
The shared responsibility model describes how security is shared by both the cloud provider and user. Here’s how modern application and API security requirements change the equation.
Even the largest companies in the world are susceptible to API vulnerabilities. How modern security defenses fail — and how to fix them.
Traceable AI has announced a strategic partnership with Silicon Valley CISO Investments (SVCI), an angel syndicate of 55+ practicing CISOs who are putting their money as well as their time and strategic counsel into innovative cybersecurity startups. To find out more about SVCI and what attracted the group to Traceable AI, we conducted a Q&A with one of the SVCI investors, Jonathan Jaffe, CISO at Lemonade.
The idea behind Dynamic Applications Security Testing (DAST) is pretty clever — a tool that simulates a human penetration tester. With the URL of an app to test, the tool gets its hands dirty and provides a vulnerabilities report. DAST tools are not just contextless fuzzers; they have intelligence and decision-making capabilities which help them show more interesting results. This article discusses different components of DAST tools, how they work together, and challenges they face in the modern development environment.
Most security defenses would have missed the Uber API authorization vulnerability. Here’s why. To proactively protect applications, modern security programs need to understand the business logic that guides them.
M6 and M7 bring GraphQL and gRPC, new agent support, OpenTelemetry compatibility, business risk visibility and API risk scoring, many new and configurable blocking rules, lots of new discovered data on your API endpoints, and improved enterprise readiness.
SecOps keeps production environments safe. Now, “shifting left” approaches are needed to secure production applications and APIs.
RASP is not a plug-and-play technology; it requires a full cycle of validation with existing applications to ensure functionality and performance are not adversely affected. There is a need for a better solution in the application security world that can provide more in-depth insight into attacks as well as detect anomalous behavior.
Modern technologies such as cloud native and microservices applications introduce new threats, often unseen threats. Learn how to uncover the threats and improve your application security against the OWASP top 10 and OWASP API top 10.
Cloud-native, microservices architectures, and API's have become the new building blocks of today's modern apps. With these new technologies comes faster development speeds, more complexity, and more attack surfaces. Due to these challenges, securing modern applications requires a different mindset than before.
API Security is a vital part of delivering secure modern applications. Today's supply chain threat vector illustrates yet another reason why teams need to focus on microservice visibility and microservice security - effectively API Security.
Why modern applications and api security needs a new paradigm to address the security challenges of modern, cloud-native and microservice applications.
Modern applications require security and engineering too collaborate to ensure API security of their cloud-native and microservice-based applications
Modern applications based on containers, kubernetes, microservices, interwoven APIs require several key capabilities to be successful. API security is an emerging challenge that requires focus by all teams.
Protecting modern applications requires a clear understanding of risk, risk mitigation, and business impact. API Security is a critical concern.
Modern applications create new and unique security challenges that legacy WAFs cannot fully address.
Inon Shkedy, co-author of the OWASP API Top Ten, outlines the application security impact of API security and microservices.
Application security requirements have evolved along with modern, cloud-native application architectures. Learn what you should look for when exploring application security solutions which must address api security.
This is the first article in a 2-part blog series outlining how application security has changed (or needs to change to address api security).
API security is a crucial concern when deploying and managing modern applications. Machine learning enables robust, scalable, and resilient application security.
Traceable.ai now available to help teams address modern application security challenges that WAFs cannot. In many ways, we're here as a Web Application Api Protection (WAAP) solution for cloud native applications.
