What are GraphQL Fragments? How can you take advantage if them to write cleaner code and more efficient applications? Find out here.
API Security
Subscribe for expert insights to protect your applications.
Thanks! Your subscription has been recorded.
Striking a Proper Balance: Why Comprehensive API Security Requires Both Agentless and Agent-Based Data Collection
Agents-based gathering methods have evolved and matured to listen for and record deeper and wider to ascertain more data-driven insights and analysis.
Traceable AI’s Renata Budko Reflects on Cybersecurity Career Accomplishments and Vast Opportunities for Other Women
To stay relevant as a cybersecurity professional, you need to understand the microservices and what are the changes in architectures and APIs and how they can be attacked.
Traceable Enters Next Phase of Growth to Deliver Hyperscale API Security
We will continue to invest in building unassailable API security that operates at hyperscale for complete API discovery, posture management, protection, and operational analytics.
How to Think About and Test API Latency
In this post, we’ll look at API latency including how you measure it, the difference between API response time and API latency, and more.
Building an API Security Solution Framework
The beginning of defining a framework for what requirements a good API security solution should meet. Intended to encourage a healthy discussion and be a tide that lifts all boats in getting to a more secure API-driven future.
Shadow APIs require a search light of discovery
Organizations must understand all the APIs in their ecosystems, as well as the specific risks associated with each of them to both detect and protect against attacks.
APISecure: The First API Security Conference Makes Its Debut on the World Stage
Cyberspace is the ultimate equalizer where it doesn’t matter how much money or resources a company has, everyone is equally vulnerable to a breach.
How to Secure Microservices: The 6 Things You Can’t Forget
Thinking about how to secure microservices? In this article you’ll find 6 things you can’t forget when it comes to microservices security.
Serverless vs Containers: What’s Right for Your Application?
Serverless vs containers: Which one is right for your application? Learn more about these two main approaches to deploying applications.
What is a CRUD API?
This post explains what a CRUD API is and how to apply it to different use cases to protect and interact with data in very specific ways.
5 Best Threat Hunting Tools for Your Security Team
We now have advanced tools that can make threat hunting easier and more accessible. In this post, learn about 5 threat hunting tools for API security.
How to Mitigate DDoS Attacks on Your APIs
Learn what DDoS is and what it can do to your API endpoints, how to mitigate DDOS attacks, and build a security response.
What Is Business Logic? The Inquisitive Reader’s Guide.
When you build application software and APIs, you’ll often hear about “business logic.” In this post you’ll learn everything about it.
What is Network Traffic Analysis?
Learn about Network Traffic Analysis, its importance and different strengths and weaknesses.
How Can I Achieve API Compliance?
The world of API compliance is more important than ever today. In this post, dig deeper into API compliance and its importance.
4 API Security Best Practices You Should Adopt Today
API security is a fundamental part of web applications. It is a great tool to help protect your apps, your business, and your users.
How to Design Delightful API Architectures
Your API should be accessible and flexible. Read this to learn how to make an API that follows API architecture and design guidelines.
A Beginner’s Guide to API Governance
API governance involves sticking to a set of principles when building an API. It’s crucial since apps, organizations, and data sources will use the API.
Sensitive Data Exposure: Why It Hurts
It’s very important that we think about how not to expose sensitive data, and that’s what this article is about: Sensitive Data Exposure.
What Is API Ownership and How Can It Help Your Team?
A guide about API ownership for leadership, senior engineers, security experts, and product managers to make/work better together.
3 API Vulnerabilities to Look Out For
Every week, new API vulnerabilities are open to attackers. API security is essential, especially for those who depend on them.
Microservice Security Principles and Best Practices
In this post, you’ll learn about the most important microservices security principles and some best practices.
Bigger Organizations Have Multiple Attack Surfaces
Nowadays, protecting within the organization is table stakes, and we have to go beyond the four walls, we have to go and make sure that not only do we protect our organization, we also have to consider the ecosystem of our partners, the supply chain consisting of other third parties. These third parties and multiple stakeholders are going to interact with our systems, and we are going to interact with their systems using APIs. So, when we start interacting with APIs, cloud and SaaS models, the overall system is no longer within four walls or defined boundaries.
How Houwzer speeds growth and innovation for online real estate by gaining insights into API use and behavior
A discussion on how a cloud-based home-brokerage-enabler, Houwzer, constructed a resilient API-based platform as the heart of its services integration engine.
When it comes to API security, expect the whole world to be testing your mettle, says Twitter CISO
Explore how API-intensive and API-experienced businesses are bringing maturity to their APIs’ protections through greater observability, tracing, and usage analysis.
Observability, AI And Context: Protecting APIs From Today’s (And Tomorrow’s) Attacks
Security and IT teams need to tackle this problem in a structured process that takes into account API application security best practices and procedures that constantly evaluate an organization’s APIs.
Instant Log4j protection. Shield and hunt with Traceable AI
A look at the challenges teams face with mitigating Log4j vulnerabilities (i.e. Log4Shell) and how Traceable AI closes those gaps.
Traceable AI Protects Against the Log4j / Log4Shell Vulnerabilities
The new Log4j vulnerability (Log4Shell) has gotten the Internet up in arms. There are active exploits and scanning for the vulnerability is rampant. The vulnerability is widespread and will take time to resolve everywhere. Here’s how can Traceable AI help.
How to take a layered approach to API security
A popular fairy tale told in IT circles is that the internet is built on a perfectly orchestrated 7-layer stack. A popular extension of this notion is that enterprises can secure their infrastructure using a layered approach to security. Like most fairy tales, there is some truth in these stories.
Traceable AI Software Release – November 2021 Update
December has finally come and Traceable AI has released a whole new suite of software features for our customers, with the continued aim of ensuring the best API Security solution on the market.
API Observability: A framework for managing your applications in an API world
Today’s modern organizations are powered through mission-critical applications deployed in the cloud to drive their businesses. The building blocks of these applications are microservices developed by small teams of developers that enable rapid release cycles to deliver features to market more quickly. The connective tissue that binds these microservices together to work in tandem are APIs.
Securing your APIs with Traceable AI agentless deployments
We are pleased to announce that Traceable AI has added a new agentless deployment option of traffic mirroring for customers who wish to deploy an API security solution to protect their API-driven applications.
The Perils of Overestimating the Security of Your APIs
In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.
API Management Gateways Don’t Provide Enough Security
Bold security threats are giving rise to a new industry of API-specific security capabilities much more powerful than current management tools.
A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)
In this article, I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing. The name was changed from IDOR to BOLA as part of the project.
AWS WAF and CloudFront: How to Use Them Together
Security is really important. There is nothing like the gut-wrenching feeling of exposing users’ data. However, security isn’t the most exciting part of web development and is often ignored. Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users.
How to Test API Security: A Guide and Checklist
APIs are the pipes that connect various applications and (micro)services. As data flows through them, security is of utmost importance to prevent data leakage. Also, since APIs are like doors into your application, they’re the obvious entry point for attackers who want to break your system.
Try a DevOps Approach to Reduce Security False Positives and Negatives
Better security rules increase false positives — which causes more complacency. Better tools for creating the context for more sophisticated rules and automated workflows can help.
Planning for Modern Application Security Forensics and Exploration
As part of DevSecOps best practices, modern application developers and security teams should borrow techniques from crime scene forensics to investigate and protect against attacks.
Announcing Traceable AI – The First Free API Security Solution
Today marks an exciting milestone for us and for the security industry overall. Today, we are announcing the industry’s first free API security solution.
API Authentication and Authorization the Right Way — Part 3
Teams need to address three core elements to develop an effective yet scalable model for API security.
Shine a Light on Shadow APIs To Improve Security
Shadow APIs lurk outside the sight of normal IT governance processes. The problem: Attackers can use them to access data and applications.
How Zombie APIs Pose a Forgotten Vulnerability
Like the undead, deprecated APIs can lurk hidden in the background until an attacker gives them new life. The fix? A proper funeral.
Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough
Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
How To Avoid Exposing Private Data By Securing APIs
What cloud application security options are available to protect personal data in the API economy?
The Prescription for Vulnerable Mobile Health Apps: Protect APIs
When a security expert tested several dozen mobile health applications, all had API vulnerabilities that could leak personal information. This should be a warning call.
API Security Challenges: How to Manage APIs Amidst Continuous Change
We’re living in a world of continuous change, which makes it hard to manage APIs. Read this guide to API security challenges and how to fix them.
The Consequences of Poor Authentication and Authorization Practices in APIs
Everything You Need to Know About Authentication and Authorization in Web APIs – Part 2
Top 5 Ways To Protect Against Data Exposure
Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.