API Security

11 Reasons Your WAF Can’t Secure Your APIs

WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.

Manage your external attack surface with new Traceable Sonar

Traceable Sonar efficiently identifies and catalogs these assets, granting security teams a panoramic view of their external attack surface. But it doesn’t stop at discovery. Sonar delves deep into these assets, pinpointing vulnerabilities an attacker might exploit. By mirroring the probing techniques attackers use, Traceable Sonar equips organizations with critical insights into potential security loopholes.

Unveiling the Future of APIs: Key Insights from Postman’s 2023 State of the API Report

Explore key insights from Postman’s 2023 State of the API Report in our latest blog post. We delve into the top API security risks, the improvement in API security incidents, sector-specific challenges, the threat of “zombie APIs,” and the range of API security tools available. Join us as we navigate the future of API security, turning challenges into opportunities for innovation and growth.

The 2023 Cost of a Data Breach Hits $4.45 Million: Inside IBM’s Latest Report

Explore key insights from IBM’s “2023 Cost of a Data Breach Report” in our latest blog post. We delve into the escalating costs of data breaches, the importance of strategic security investments, and the role of AI and automation in mitigating these costs. Learn about the significance of secure software development practices, including API security, in enhancing your organization’s cybersecurity posture.

Customer Story: Fintech company reduces attack surface by 10x with Traceable’s API Security Platform

We recently sat down with one of our Fintech customers to discuss their API security journey. Providing digital investment and transaction services, this Fintech company needed to solve for its rapidly expanding attack surface. In this blog, we’ll summarize their journey with Traceable, providing highlights about how they discovered and secured tens of thousands of APIs in a distributed ecosystem, eliminating manual methods in favor of automatic API cataloging and protection.

Key Takeaways from Forrester’s 2023 State of Application Security Report

Explore the key insights from Forrester’s State of Application Security report 2023 in our latest blog post. We delve into the complexities of application security, the rise of Software Composition Analysis (SCA), and the importance of API security in today’s digital landscape. Learn about the Shift-Everywhere movement and how it’s shaping the future of application security. This comprehensive analysis is a must-read for anyone looking to understand the current trends and challenges in application security.

The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled

Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.

Data Loss Prevention in an API-Driven World

Preventing data loss has become incredibly challenging in an API-driven world. Companies lock down sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Cloud Security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).

5 Cybersecurity Leaders to Follow in 2023

These are five cybersecurity leaders you should follow in 2023. Their contributions to the field have revolutionized our understanding of cybersecurity and paved the way for the next generation of cyber professionals.

Recent MOVEit Exploits: SQL Injection to Web Shell to Data Exfiltration

In the last few weeks, the security community has been shaken by a series of exploits targeting MOVEit, a popular file transfer software. These incidents have exposed critical vulnerabilities, allowing threat actors to compromise sensitive data and exploit organizations ranging from the BBS to several arms of the US Government.

The Imperative of API Ownership: A Nexus of Development and API Security

This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.

Unpacking OWASP’s API9:2023: Improper Inventory Management

Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.

OWASP API Security Top 10 List 2023 Refresh

OWASP API Security Top 10 List 2023 Refresh, from one of the project leaders. The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders - Paulo Silva, Erez Yalon, and I - Inon Shkedy, have been working together with...

Key Takeaways from the 2023 Verizon Data Breach Investigations Report

Explore the major findings from the 2023 Verizon Data Breach Investigations Report in our latest blog post. We delve into the rise of social engineering attacks, the human element in breaches, the most affected sectors, and the significance of web application attacks in today’s cybersecurity landscape.

‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor

Traceable will leverage Cunningham’s industry-defining expertise to educate organizations on the intersection of API security and Zero Trust. Today we are excited to announce that Chase Cunningham, known...

The Telecom Industry: Why APIs Are Becoming their Worst Nightmare

In the last six months, the Telecom industry has been hit by some massive, high-profile data breaches -- all of which happened by exploiting unprotected APIs. Gartner predicted that by 2022 APIs would...

OWASP API Security Top 10 2023 RC Published

Why API Security? APIs have become an integral part of modern software development. APIs allow different software systems to communicate and exchange data, enabling developers to create complex applications by combining...

Sensitive Data Exfiltration: The New Nemesis of API Security

This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...

Traceable API Security Platform Update: End of 2022

Happy New Year from the Traceable team! We want to share some key product updates released in the last two months. API Catalog - Complete Visibility and API Governance: Improved automatic authentication detection...

Webinar Recap: FFIEC Compliance and What It Means for API Security

Earlier this month, Traceable announced our capabilities for FFIEC compliance - but you may be wondering, what exactly are the new FFIEC guidelines, and what does that mean for API Security? To...

T-Mobile’s API Data Breach: The API Security Reckoning is Here

We are roughly three weeks into 2023, and here we are, contending with the second major API data breach of the year. If this is any indication of how this year will progress, we have some hard questions to...

How API Abuse Became the Top Vector for Data Breaches

Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...

The CircleCI Data Breach: The TLDR

CircleCI, a developer product focused on Continuous Integration (CI) and Continuous Deployment (CD), with over one million users, published an advisory this week urging its customers to immediately rotate all secrets following a...

Shadow APIs: The New Form of Shadow IT

Shadow APIs: The New Form of Shadow IT and What You Can Do About It. While many security professionals are more than familiar with the term “Shadow IT”, Shadow APIs are just starting to become a known phenomenon. And of course they’re becoming a big deal. Most...

Top Data Breaches of 2022 and What they Mean for API Security

2022 was quite a year for data breaches. Isn’t that always the story? Each year, the data breaches become worse, resulting in higher costs, brand value erosion, and effectively propel so many security...

2023 Cybersecurity Predictions: API Security Q&A w/ Richard Bird

2023 Cybersecurity Predictions: Insights on the Future of API Security from Traceable CSO, Richard Bird. It's that time again! It's time for experts around the globe to address the year we are leaving behind, assessing our success and failures as an industry, and thinking...

The Business Case for API Security: Why API Security? Why Now?

We are just about to finish yet another year -- 2022. And in terms of cybersecurity and specifically, API Security, the past 12 months have been quite a challenge for many industries. As with any emerging...

NextRoll Gains 8x Visibility into APIs and Solves API Sprawl

It's time for another customer story from Traceable! Today's blog highlights NextRoll's journey to API Security, and specifically their struggle with API Sprawl and gaining visibility into all APIs. Let's...

Cloud DLP: What It Is and Why It’s Needed

The 21st century has moved data storage practices from traditional modes such as the use of hard drives to incorporate cloud-based methods. Cloud data storage involves storing data in a secure manner on the internet through a...

Sensitive Data Leakage: Defined and Explained

We live in a digital world where everything happens on the internet, from filling out important financial forms to online shopping. All such activities require you to fill in some sensitive data via the internet. As more...