WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.
API Security
Subscribe for expert insights to protect your APIs.
Thanks! Your subscription has been recorded.
Manage your external attack surface with new Traceable Sonar
Traceable Sonar efficiently identifies and catalogs these assets, granting security teams a panoramic view of their external attack surface. But it doesn’t stop at discovery. Sonar delves deep into these assets, pinpointing vulnerabilities an attacker might exploit. By mirroring the probing techniques attackers use, Traceable Sonar equips organizations with critical insights into potential security loopholes.
Traceable Named a Leader in the 2023 GigaOm Radar for API Security, Again!
Traceable Named a Leader in the 2023 GigaOm Radar for API Security, Again! Traceable has, once again, been named a leader in the GigaOm Radar for API Security! We are thrilled to be recognized for our unwavering commitment to innovation, providing the industry’s...
Unveiling the Future of APIs: Key Insights from Postman’s 2023 State of the API Report
Explore key insights from Postman’s 2023 State of the API Report in our latest blog post. We delve into the top API security risks, the improvement in API security incidents, sector-specific challenges, the threat of “zombie APIs,” and the range of API security tools available. Join us as we navigate the future of API security, turning challenges into opportunities for innovation and growth.
The 2023 Cost of a Data Breach Hits $4.45 Million: Inside IBM’s Latest Report
Explore key insights from IBM’s “2023 Cost of a Data Breach Report” in our latest blog post. We delve into the escalating costs of data breaches, the importance of strategic security investments, and the role of AI and automation in mitigating these costs. Learn about the significance of secure software development practices, including API security, in enhancing your organization’s cybersecurity posture.
Customer Story: Fintech company reduces attack surface by 10x with Traceable’s API Security Platform
We recently sat down with one of our Fintech customers to discuss their API security journey. Providing digital investment and transaction services, this Fintech company needed to solve for its rapidly expanding attack surface. In this blog, we’ll summarize their journey with Traceable, providing highlights about how they discovered and secured tens of thousands of APIs in a distributed ecosystem, eliminating manual methods in favor of automatic API cataloging and protection.
Key Takeaways from Forrester’s 2023 State of Application Security Report
Explore the key insights from Forrester’s State of Application Security report 2023 in our latest blog post. We delve into the complexities of application security, the rise of Software Composition Analysis (SCA), and the importance of API security in today’s digital landscape. Learn about the Shift-Everywhere movement and how it’s shaping the future of application security. This comprehensive analysis is a must-read for anyone looking to understand the current trends and challenges in application security.
The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled
Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.
A Deep Dive Into API Security: Unpacking Traceable’s Definitive API Security Guide
A Deep Dive Into API Security: Unpacking Traceable's Definitive API Security Guide As we navigate through the increasingly digital landscape of the 21st century, APIs have become the unseen threads that stitch together our interconnected world. They underpin our web...
Data Loss Prevention in an API-Driven World
Preventing data loss has become incredibly challenging in an API-driven world. Companies lockdown sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Cloud Security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).
40% of Organizations Do Not Have an API Security Solution – Here’s What That Means
At the 2023 RSA Conference, a survey conducted by Traceable brought some troubling facts to the surface about how organizations are handling their API security — a theme that has become ground zero in cybersecurity circles.
5 Cybersecurity Leaders to Follow in 2023
These are five cybersecurity leaders you should follow in 2023. Their contributions to the field have revolutionized our understanding of cybersecurity and paved the way for the next generation of cyber professionals.
Why APIs are a Gateway for Credential Stuffing Attacks
This informative piece is a must-read for decision-makers in the cybersecurity industry looking to bolster their defenses against API abuse and credential stuffing attacks.”
Recent MOVEit Exploits: SQL Injection to Web Shell to Data Exfiltration
In the last few weeks, the security community has been shaken by a series of exploits targeting MOVEit, a popular file transfer software. These incidents have exposed critical vulnerabilities, allowing threat actors to compromise sensitive data and exploit organizations ranging from the BBS to several arms of the US Government.
The Imperative of API Ownership: A Nexus of Development and API Security
This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.
Unpacking OWASP’s API9:2023: Improper Inventory Management
Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.
OWASP API Security Top 10 List 2023 Refresh
OWASP API Security Top 10 List 2023 Refresh, from one of the project leaders The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders - Paulo Silva, Erez Yalon, and I - Inon Shkedy, have been working together with...
Key Takeaways from the 2023 Verizon Data Breach Investigations Report
Explore the major findings from the 2023 Verizon Data Breach Investigations Report in our latest blog post. We delve into the rise of social engineering attacks, the human element in breaches, the most affected sectors, and the significance of web application attacks in today’s cybersecurity landscape.
The Double-edged Sword of Generative AI: Productivity Gain and Cybersecurity Risk
The Double-edged Sword of Generative AI: Productivity Gain and Cybersecurity Risk Artificial intelligence (AI), particularly the generative AI category, has been a game-changer in recent years. The phenomenal breakthrough, with models like OpenAI's ChatGPT, has...
Generative AI and API Security: Innovate Safely by Protecting Data Now
ChatGPT and other generative AI tools will transform business as we know it. However, enterprise teams need to move now to protect their sensitive data from being exposed, as it traverses APIs to answer user queries.
Traceable Introduces World’s First Zero Trust API Access (ZTAA) Solution
Traceable AI Introduces World’s First Zero Trust API Access (ZTAA) Solution Today we announce an industry first -- Zero Trust API Access! We are thrilled to offer such an innovative solution to our customers and the cybersecurity industry. This is a milestone, not...
How a Fintech Company achieved Context-Aware API Security to detect and block threats
Traceable Customer Story: How a Fintech Company achieved Context-Aware API Security to detect and block threats Fintech: one of the industries hardest hit by the need for API security, addressing additional API security regulations, as well as heightened risk by their...
‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor
‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor Traceable will leverage Cunningham’s industry-defining expertise to educate organizations on the intersection of API security and Zero Trust. Today we are excited to announce that Chase Cunningham, known...
The Telecom Industry: Why APIs Are Becoming their Worst Nightmare
The Telecom Industry: Why APIs Are Becoming their Worst Nightmare In the last six months, the Telecom industry has been hit by some massive, high-profile data breaches -- all of which happened by exploiting unprotected APIs. Gartner predicted that by 2022 APIs would...
Cybersecurity Roundup for February 2023: T-Mobile Fallout, ChatGPT abuse, and Shopify’s Hardcoded API Tokens
Cybersecurity Roundup - February 2023: T-Mobile Fallout, ChatGPT abuse, and Shopify's Hardcoded API Tokens This February saw a few API vulnerabilities that should serve not only as cautionary tales, but as face-palm moments. Shopify’s hard-coded API keys mean that 4...
FFIEC Compliance: The API Security Reckoning for Financial Institutions
FFIEC Compliance: The API Security Reckoning for Financial Institutions What is FFIEC Compliance? The FFIEC (Federal Financial Institutions Examination Council) is an interagency body of the U.S. government, made up of several financial regulatory agencies. It was...
OWASP API Security Top 10 2023 RC Published
OWASP API Security Top 10 2023 RC Published Why API Security? APIs have become an integral part of modern software development. APIs allow different software systems to communicate and exchange data, enabling developers to create complex applications by combining...
Traceable Wins 2023 Devies Award for Best Innovation in API Security
Traceable Wins 2023 DEVIES Award for API Security Innovation Traceable has won another award! We've been chosen as the recipient of a 2023 DEVIES Award for API Security, recognizing outstanding design, engineering, and innovation in developer technology. Since our...
Sensitive Data Exfiltration: The New Nemesis of API Security
Sensitive Data Exfiltration: The New Nemesis of API Security This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...
Traceable API Security Platform Update: End of 2022
Traceable API Security Platform Update: End of 2022 Happy New year from the Traceable team! We want to share some key product updates released in the last two months. API Catalog - Complete Visibility and API Governance Improved automatic authentication detection...
Cybersecurity Roundup for January 2023: API Attacks Front and Center
Cybersecurity Roundup for January 2023: T-Mobile data leak, CircleCI vulnerability, rampant API automotive exploits possible, AWS Vulnerability, and Cryptotheft by API This year began with API attacks leading the way as the top vector for data breaches. The entire...
Top Webinars of 2022: The Most Popular Sessions and Where to Find Them
Top Webinars of 2022: The Most Popular Sessions and Where to Find Them 2022 was a big year for Traceable, and we produced some great sessions to help organizations get on track with their API security initiatives. We've compiled our most popular sessions of 2022, from...
Webinar Recap: FFIEC Compliance and What It Means for API Security
Webinar Recap: FFIEC Compliance and What It Means for API Security Earlier this month, Traceable announced our capabilities for FFIEC compliance - but you may be wondering, what exactly are the new FFIEC new guidelines, and what does that mean for API Security? To...
Traceable Announces Commitment to Respecting Data by Becoming a 2023 Data Privacy Week Champion
Traceable Announces Commitment to Respecting Data by Becoming a 2023 Data Privacy Week Champion This year’s initiative emphasizes educating businesses on data collection best practices that respect data privacy and promoting transparency. Data Privacy Week is an...
T-Mobile’s API Data Breach: The API Security Reckoning is Here
T-Mobile's API Data Breach: The API Security Reckoning is Here We are roughly three weeks into 2023, and here we are, contending with the second major API data breach of the year. If this is any indication of how this year will progress, we have some hard questions to...
How API Abuse Became the Top Vector for Data Breaches
Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...
Why the Pentagon Needs to Factor in API Security to Establish a True Zero Trust Strategy
Why the Pentagon Needs to Factor in API Security to Establish a True Zero Trust Strategy President Biden’s Executive Order on Cyber Security, issued in 2021, provides a strong vote of confidence for Zero Trust security models. The order requires that federal...
A Modern Approach to API Governance: Challenges and Recommendations
A Modern Approach to API Governance: Challenges and Recommendations Introduction With any IT system, old or new, adequate risk management is critical for sufficient system protection, prioritizing of issues, data privacy, and making sure appropriate compliance...
The CircleCI Data Breach: The TLDR
The CircleCI Data Breach: The TLDR CircleCI, a developer product focused on Continuous Integration (CI) and Continuous Deployment (CD), with over one million users, published an advisory this week urging its customers to immediately rotate all secrets following a...
Shadow APIs: The New Form of Shadow IT
Shadow APIs: The New Form of Shadow IT and What You Can Do About It While many security professionals are more than familiar with the term “Shadow IT”, Shadow APIs are just starting to become a known phenomenon. And of course they’re becoming a big deal. Most...
The HackerOne 2022 Report: Analysis and Insight on Modern Day Vulnerabilities
About the 2022 HackerOne Security Report HackerOne released its 6th annual Hacker-Powered Security Report. The Company has been surveying ethical hackers to get their perspective on cybersecurity and risk. The 2022 Hacker-Powered Security Report includes insights from...
Top Data Breaches of 2022 and What they Mean for API Security
Top Data Breaches of 2022 and What they Mean for API Security 2022 was quite a year for data breaches. Isn’t that always the story? Each year, the data breaches become worse, resulting in higher costs, brand value erosion, and effectively propel so many security...
How Jobvite Eliminated API Sprawl with Traceable’s API Security Platform
How Jobvite Eliminated API Sprawl with Traceable’s API Security Platform The rise of distributed applications and microservices has created a new attack surface. One which is not fully understood by many security professionals or addressed by existing solutions in the...
Defense in Depth: A Guide to Layered Security
This article will go over how defense in depth and layered security work as well as the benefits of using them.
2023 Cybersecurity Predictions:API Security Q&A w/ Richard Bird
2023 Cybersecurity Predictions: Insights on the Future of API Security from Traceable CSO, Richard Bird It's that time again! It's time for experts around the globe address the year we are leaving behind, assessing our success and failures as an industry, and thinking...
How to Plan Your Cloud Security Architecture
In this post, you’ll learn some essential tips and tricks about planning your cloud security architecture.
The Business Case for API Security: Why API Security? Why Now?
The Business Case for API Security: Why API Security? Why Now? We are just about to finish yet another year -- 2022. And in terms of cybersecurity and specifically, API Security, the past 12 months has been quite a challenge for many industries. As with any emerging...
NextRoll Gains 8x Visibility into APIs and Solves API Sprawl
NextRoll Gains 8x Visibility into APIs and Solves API Sprawl It's time for another customer story from Traceable! Today's blog highlights NextRoll's journey to API Security, and specifically their struggle with API Sprawl and gaining visibility into all APIs. Let's...
Cloud DLP: What It Is and Why It’s Needed
Cloud DLP: What It Is and Why It's Needed The 21st century has moved data storage practices from traditional modes such as the use of hard drives to incorporate cloud-based methods. Cloud data storage involves storing data in a secure manner on the internet through a...
Sensitive Data Leakage: Defined and Explained
Sensitive Data Leakage: Defined and Explained We live in a digital world where everything happens on the internet, from filling out important financial forms to online shopping. All such activities require you to fill in some sensitive data via the internet. As more...