
API Security


Building an API Security Solution Framework

A first step toward a framework defining the requirements a good API security solution should meet. Intended to encourage a healthy discussion and be a tide that lifts all boats on the way to a more secure API-driven future.

What is a CRUD API?


This post explains what a CRUD API is and how to apply it to different use cases to protect and interact with data in very specific ways.

A Beginner’s Guide to API Governance

API governance means sticking to a set of principles when building an API. It is crucial because many apps, organizations, and data sources will depend on that API.

Bigger Organizations Have Multiple Attack Surfaces

Nowadays, protecting within the organization is table stakes, and we have to go beyond the four walls. We have to make sure that we protect not only our own organization but also the ecosystem of our partners and the supply chain of other third parties. These third parties and multiple stakeholders are going to interact with our systems, and we are going to interact with their systems, using APIs. So, once we start interacting through APIs, cloud, and SaaS models, the overall system is no longer within four walls or defined boundaries.

How to take a layered approach to API security


A popular fairy tale told in IT circles is that the internet is built on a perfectly orchestrated 7-layer stack. A popular extension of this notion is that enterprises can secure their infrastructure using a layered approach to security. Like most fairy tales, there is some truth in these stories.

API Observability: A framework for managing your applications in an API world

Today's modern organizations are powered by mission-critical applications deployed in the cloud to drive their businesses. The building blocks of these applications are microservices developed by small teams of developers, enabling rapid release cycles that deliver features to market more quickly. The connective tissue that binds these microservices together so they work in tandem is APIs.

The Perils of Overestimating the Security of Your APIs


In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.

AWS WAF and CloudFront: How to Use Them Together

Security is really important. There is nothing like the gut-wrenching feeling of having exposed users' data. However, security isn't the most exciting part of web development and is often neglected. Using AWS CloudFront and AWS WAF together, you can add a layer of security to your sites with less work and focus on building features for your users.

How to Test API Security: A Guide and Checklist

APIs are the pipes that connect applications and (micro)services. Because data flows through them, securing them is essential to prevent data leakage. And since APIs are like doors into your application, they are the obvious entry point for attackers who want to break into your system.

Top 5 Ways To Protect Against Data Exposure


Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.