fbpx

API Security

Subscribe for expert insights to protect your APIs.

Thanks! Your subscription has been recorded.

API Security Masterclass Recap: Where Are All the APIs, Anyway?

API Security Masterclass Recap: Where Are All the APIs, Anyway?

Missed our API Security Masterclass covering the wild world of APIs? No worries! We’ll recap the key takeaways on API types, security challenges, API sprawl, and the importance of API reconnaissance. Learn why developers love APIs, how to identify common API vulnerabilities, and start mapping your API attack surface for better protection.

PCI-DSS 4.0 Simplified with Traceable

PCI-DSS 4.0 Simplified with Traceable

Explore simplified PCI-DSS 4.0 compliance strategies designed to enhance data protection. Elevate security measures effortlessly with expert guidance, ensuring seamless adherence to industry standards.

Open APIs Explained: Their Impact on Business and Technology

Open APIs Explained: Their Impact on Business and Technology

Explore ‘Open APIs Explained: Their Impact on Business and Technology’ to understand how Open APIs drive innovation and impact tech and business. Learn about their benefits, practical applications, and essential security measures for effective and safe API integration.

Unlocking the Power of eBPF at Traceable

Unlocking the Power of eBPF at Traceable

Discover how eBPF’s kernel-level operation enables efficient data collection and analysis, making it an essential tool for modern network and security professionals. Perfect for tech enthusiasts and professionals, this blog demystifies eBPF and highlights its critical role in enhancing API traffic monitoring and security.

Dizzy Keys: Why API Key Rotation Matters

Dizzy Keys: Why API Key Rotation Matters

Dive into the essentials of API key security with our in-depth guide. Understand the significance of API key management through real-world examples. Discover the importance of regular rotation and secure handling of API keys to prevent unauthorized access and protect digital ecosystems. This article is a must-read for cybersecurity professionals and anyone interested in safeguarding their online interactions against potential threats.

Securing the Checkout: API Security Strategies for E-Commerce Platforms

Securing the Checkout: API Security Strategies for E-Commerce Platforms

Discover essential strategies for ecommerce security in our guide, focusing on common vulnerabilities and their solutions. Learn about technical and business logic issues, brute force attacks, and race conditions, and how to tackle them effectively. Gain insights into the benefits of all-in-one security platforms, with a spotlight on Traceable, an API security platform ideal for ecommerce. This article is a must-read for business owners and security professionals looking to fortify their online retail platforms against digital threats.

Agentless API Security in Google Cloud

Agentless API Security in Google Cloud

We are very excited to announce Traceable’s latest integration with Google Cloud application load balancers to provide agentless API security in Google Cloud. At Google Cloud Next ’23, Traceable  partnered with the Service Extensions team and now with the release of service extension’s public preview, Traceable customers can seamlessly integrate with Google Cloud’s application load balancers to secure all API traffic passing through them.

President Biden’s Executive Order on Artificial Intelligence: A Cybersecurity Perspective

President Biden’s Executive Order on Artificial Intelligence: A Cybersecurity Perspective

Explore the pivotal role of APIs in the execution of President Biden’s Executive Order on AI, which aims to position the United States at the forefront of artificial intelligence innovation. Understand how APIs enhance AI interoperability, scalability, and accessibility, ensuring secure and efficient deployment across various sectors. Dive into the nuances of the Order’s strategy for a trustworthy AI ecosystem that aligns with American values and interests.

How Traceable Aligns to Forrester’s Eight Components of API Security

How Traceable Aligns to Forrester’s Eight Components of API Security

Explore how Traceable aligns with Forrester’s comprehensive report on the eight essential components of API security. In an era where APIs drive innovation and business growth, their security becomes paramount. Dive deep into the challenges of API security, from the rise of malicious bots to the limitations of traditional tools. Discover how Traceable’s platform addresses each of Forrester’s recommendations, offering solutions from API governance to securing third-party APIs. Stay ahead in the digital transformation journey with insights on robust API protection strategies.

Another Milestone! Traceable Wins the 2023 Cybersecurity Breakthrough Award

Another Milestone! Traceable Wins the 2023 Cybersecurity Breakthrough Award

Explore Traceable’s award-winning approach to API security, celebrated by the 2023 CyberSecurity Breakthrough Award. Understand the pivotal role and vulnerabilities of APIs in cybersecurity, and discover how Traceable’s innovative Zero Trust API Access (ZTAA) provides unparalleled, future-proof protection for organizations in the intricate digital landscape.

11 Reasons Your WAF Can’t Secure Your APIs

11 Reasons Your WAF Can’t Secure Your APIs

WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.

Manage your external attack surface with new Traceable Sonar

Manage your external attack surface with new Traceable Sonar

Traceable Sonar efficiently identifies and catalogs these assets, granting security teams a panoramic view of their external attack surface. But it doesn’t stop at discovery. Sonar delves deep into these assets, pinpointing vulnerabilities an attacker might exploit. By mirroring the probing techniques attackers use, Traceable Sonar equips organizations with critical insights into potential security loopholes.

Unveiling the Future of APIs: Key Insights from Postman’s 2023 State of the API Report

Unveiling the Future of APIs: Key Insights from Postman’s 2023 State of the API Report

Explore key insights from Postman’s 2023 State of the API Report in our latest blog post. We delve into the top API security risks, the improvement in API security incidents, sector-specific challenges, the threat of “zombie APIs,” and the range of API security tools available. Join us as we navigate the future of API security, turning challenges into opportunities for innovation and growth.

The 2023 Cost of a Data Breach Hits $4.45 Million: Inside IBM’s Latest Report

The 2023 Cost of a Data Breach Hits $4.45 Million: Inside IBM’s Latest Report

Explore key insights from IBM’s “2023 Cost of a Data Breach Report” in our latest blog post. We delve into the escalating costs of data breaches, the importance of strategic security investments, and the role of AI and automation in mitigating these costs. Learn about the significance of secure software development practices, including API security, in enhancing your organization’s cybersecurity posture.

Customer Story: Fintech company reduces attack surface by 10x with Traceable’s API Security Platform

Customer Story: Fintech company reduces attack surface by 10x with Traceable’s API Security Platform

We recently sat down with one of our Fintech customers to discuss their API security journey. Providing digital investment and transaction services, this Fintech company needed to solve for its rapidly expanding attack surface.   In this blog, we’ll summarize their journey with Traceable, providing highlights about how they discovered and secured tens of thousands of APIs in a distributed ecosystem, eliminating manual methods in favor of automatic API cataloging and protection.

Key Takeaways from Forrester’s 2023 State of Application Security Report

Key Takeaways from Forrester’s 2023 State of Application Security Report

Explore the key insights from Forrester’s State of Application Security report 2023 in our latest blog post. We delve into the complexities of application security, the rise of Software Composition Analysis (SCA), and the importance of API security in today’s digital landscape. Learn about the Shift-Everywhere movement and how it’s shaping the future of application security. This comprehensive analysis is a must-read for anyone looking to understand the current trends and challenges in application security.

The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled

The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled

Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.

Data Loss Prevention in an API-Driven World

Data Loss Prevention in an API-Driven World

Preventing data loss has become incredibly challenging in an API-driven world. Companies lockdown sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Cloud Security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).

5 Cybersecurity Leaders to Follow in 2023

5 Cybersecurity Leaders to Follow in 2023

These are five cybersecurity leaders you should follow in 2023. Their contributions to the field have revolutionized our understanding of cybersecurity and paved the way for the next generation of cyber professionals.

Recent MOVEit Exploits: SQL Injection to Web Shell to Data Exfiltration

Recent MOVEit Exploits: SQL Injection to Web Shell to Data Exfiltration

In the last few weeks, the security community has been shaken by a series of exploits targeting MOVEit, a popular file transfer software. These incidents have exposed critical vulnerabilities, allowing threat actors to compromise sensitive data and exploit organizations ranging from the BBS to several arms of the US Government.

The Imperative of API Ownership: A Nexus of Development and API Security

The Imperative of API Ownership: A Nexus of Development and API Security

This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.

Unpacking OWASP’s API9:2023: Improper Inventory Management

Unpacking OWASP’s API9:2023: Improper Inventory Management

Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.

OWASP API Security Top 10 List 2023 Refresh

OWASP API Security Top 10 List 2023 Refresh

OWASP API Security Top 10 List 2023 Refresh, from one of the project leaders The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders - Paulo Silva, Erez Yalon, and I - Inon Shkedy, have been working together with...

Key Takeaways from the 2023 Verizon Data Breach Investigations Report

Key Takeaways from the 2023 Verizon Data Breach Investigations Report

Explore the major findings from the 2023 Verizon Data Breach Investigations Report in our latest blog post. We delve into the rise of social engineering attacks, the human element in breaches, the most affected sectors, and the significance of web application attacks in today’s cybersecurity landscape.

‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor

‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor

‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor  Traceable will leverage Cunningham’s industry-defining expertise to educate organizations on the intersection of API security and Zero Trust. Today we are excited to announce that Chase Cunningham, known...

The Telecom Industry: Why APIs Are Becoming their Worst Nightmare

The Telecom Industry: Why APIs Are Becoming their Worst Nightmare

The Telecom Industry: Why APIs Are Becoming their Worst Nightmare In the last six months, the Telecom industry has been hit by some massive, high-profile data breaches -- all of which happened by exploiting unprotected APIs. Gartner predicted that by 2022 APIs would...

OWASP API Security Top 10 2023 RC Published

OWASP API Security Top 10 2023 RC Published

OWASP API Security Top 10 2023 RC Published Why API Security? APIs have become an integral part of modern software development. APIs allow different software systems to communicate and exchange data, enabling developers to create complex applications by combining...

Sensitive Data Exfiltration: The New Nemesis of API Security

Sensitive Data Exfiltration: The New Nemesis of API Security

Sensitive Data Exfiltration: The New Nemesis of API Security This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...

Traceable API Security Platform Update: End of 2022

Traceable API Security Platform Update: End of 2022

Traceable API Security Platform Update: End of 2022 Happy New year from the Traceable team! We want to share some key product updates released in the last two months. API Catalog - Complete Visibility and API Governance Improved automatic authentication detection...

Webinar Recap: FFIEC Compliance and What It Means for API Security

Webinar Recap: FFIEC Compliance and What It Means for API Security

Webinar Recap: FFIEC Compliance and What It Means for API Security Earlier this month, Traceable announced our capabilities for FFIEC compliance - but you may be wondering, what exactly are the new FFIEC new guidelines, and what does that mean for API Security? To...