What are GraphQL Fragments? How can you take advantage of them to write cleaner code and more efficient applications? Find out here.
Striking a Proper Balance: Why Comprehensive API Security Requires Both Agentless and Agent-Based Data Collection
Agent-based gathering methods have evolved and matured, listening for and recording more deeply and widely to yield more data-driven insights and analysis.
Traceable AI’s Renata Budko Reflects on Cybersecurity Career Accomplishments and Vast Opportunities for Other Women
To stay relevant as a cybersecurity professional, you need to understand microservices, how architectures and APIs are changing, and how they can be attacked.
We will continue to invest in building unassailable API security that operates at hyperscale for complete API discovery, posture management, protection, and operational analytics.
In this post, we’ll look at API latency including how you measure it, the difference between API response time and API latency, and more.
A first step toward defining a framework for the requirements a good API security solution should meet, intended to encourage healthy discussion and be a tide that lifts all boats toward a more secure API-driven future.
Organizations must understand all the APIs in their ecosystems, as well as the specific risks associated with each of them to both detect and protect against attacks.
Cyberspace is the ultimate equalizer: it doesn’t matter how much money or how many resources a company has, everyone is equally vulnerable to a breach.
Thinking about how to secure microservices? In this article you’ll find 6 things you can’t forget when it comes to microservices security.
Serverless vs containers: Which one is right for your application? Learn more about these two main approaches to deploying applications.
This post explains what a CRUD API is and how to apply it to different use cases to protect and interact with data in very specific ways.
We now have advanced tools that can make threat hunting easier and more accessible. In this post, learn about 5 threat hunting tools for API security.
Learn what DDoS is and what it can do to your API endpoints, how to mitigate DDoS attacks, and how to build a security response.
When you build application software and APIs, you’ll often hear about “business logic.” In this post you’ll learn everything about it.
Learn about Network Traffic Analysis, its importance and different strengths and weaknesses.
The world of API compliance is more important than ever today. In this post, dig deeper into API compliance and its importance.
API security is a fundamental part of web applications. It is a great tool to help protect your apps, your business, and your users.
Your API should be accessible and flexible. Read this to learn how to make an API that follows API architecture and design guidelines.
API governance involves sticking to a set of principles when building an API. It’s crucial since apps, organizations, and data sources will use the API.
It’s very important that we think about how not to expose sensitive data, and that’s what this article is about: Sensitive Data Exposure.
A guide about API ownership for leadership, senior engineers, security experts, and product managers to work better together.
Every week, new API vulnerabilities are open to attackers. API security is essential, especially for those who depend on them.
In this post, you’ll learn about the most important microservices security principles and some best practices.
Nowadays, protecting within the organization is table stakes. We have to go beyond the four walls and make sure that we not only protect our organization but also consider the ecosystem of our partners and the supply chain consisting of other third parties. These third parties and multiple stakeholders are going to interact with our systems, and we are going to interact with their systems, using APIs. So, when we start interacting with APIs, cloud, and SaaS models, the overall system is no longer within four walls or defined boundaries.
How Houwzer speeds growth and innovation for online real estate by gaining insights into API use and behavior
A discussion on how a cloud-based home-brokerage-enabler, Houwzer, constructed a resilient API-based platform as the heart of its services integration engine.
Explore how API-intensive and API-experienced businesses are bringing maturity to their APIs’ protections through greater observability, tracing, and usage analysis.
Security and IT teams need to tackle this problem in a structured process that takes into account API application security best practices and procedures that constantly evaluate an organization’s APIs.
A look at the challenges teams face with mitigating Log4j vulnerabilities (i.e. Log4Shell) and how Traceable AI closes those gaps.
The new Log4j vulnerability (Log4Shell) has gotten the Internet up in arms. There are active exploits, and scanning for the vulnerability is rampant. The vulnerability is widespread and will take time to resolve everywhere. Here’s how Traceable AI can help.
A popular fairy tale told in IT circles is that the internet is built on a perfectly orchestrated 7-layer stack. A popular extension of this notion is that enterprises can secure their infrastructure using a layered approach to security. Like most fairy tales, there is some truth in these stories.
December has finally come and Traceable AI has released a whole new suite of software features for our customers, with the continued aim of ensuring the best API Security solution on the market.
Today’s modern organizations are powered through mission-critical applications deployed in the cloud to drive their businesses. The building blocks of these applications are microservices developed by small teams of developers that enable rapid release cycles to deliver features to market more quickly. The connective tissue that binds these microservices together to work in tandem are APIs.
We are pleased to announce that Traceable AI has added a new agentless deployment option of traffic mirroring for customers who wish to deploy an API security solution to protect their API-driven applications.
In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.
Bold security threats are giving rise to a new industry of API-specific security capabilities much more powerful than current management tools.
In this article, I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing. The name was changed from IDOR to BOLA as part of the project.
Security is really important. There is nothing like the gut-wrenching feeling of exposing users’ data. However, security isn’t the most exciting part of web development and is often ignored. Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users.
APIs are the pipes that connect various applications and (micro)services. As data flows through them, security is of utmost importance to prevent data leakage. Also, since APIs are like doors into your application, they’re the obvious entry point for attackers who want to break your system.
Better security rules increase false positives — which causes more complacency. Better tools for creating the context for more sophisticated rules and automated workflows can help.
As part of DevSecOps best practices, modern application developers and security teams should borrow techniques from crime scene forensics to investigate and protect against attacks.
Today marks an exciting milestone for us and for the security industry overall. Today, we are announcing the industry’s first free API security solution.
Teams need to address three core elements to develop an effective yet scalable model for API security.
Shadow APIs lurk outside the sight of normal IT governance processes. The problem: Attackers can use them to access data and applications.
Like the undead, deprecated APIs can lurk hidden in the background until an attacker gives them new life. The fix? A proper funeral.
Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
What cloud application security options are available to protect personal data in the API economy?
When a security expert tested several dozen mobile health applications, all had API vulnerabilities that could leak personal information. This should be a warning call.
We’re living in a world of continuous change, which makes it hard to manage APIs. Read this guide to API security challenges and how to fix them.
Everything You Need to Know About Authentication and Authorization in Web APIs – Part 2
Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.