Subscribe for expert insights to protect your applications.
Thanks! Your subscription has been recorded.
Cybersecurity Roundup - February 2023: T-Mobile Fallout, ChatGPT abuse, and Shopify's Hardcoded API Tokens This February saw a few API vulnerabilities that should serve not only as cautionary tales, but as face-palm moments. Shopify’s hard-coded API keys mean that 4...
FFIEC Compliance: The API Security Reckoning for Financial Institutions What is FFIEC Compliance? The FFIEC (Federal Financial Institutions Examination Council) is an interagency body of the U.S. government, made up of several financial regulatory agencies. It was...
OWASP API Security Top 10 2023 RC Published Why API Security? APIs have become an integral part of modern software development. APIs allow different software systems to communicate and exchange data, enabling developers to create complex applications by combining...
Traceable Wins 2023 DEVIES Award for API Security Innovation Traceable has won another award! We've been chosen as the recipient of a 2023 DEVIES Award for API Security, recognizing outstanding design, engineering, and innovation in developer technology. Since our...
Sensitive Data Exfiltration: The New Nemesis of API Security This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...
Traceable API Security Platform Update: End of 2022 Happy New year from the Traceable team! We want to share some key product updates released in the last two months. API Catalog - Complete Visibility and API Governance Improved automatic authentication detection...
Cybersecurity Roundup for January 2023: T-Mobile data leak, CircleCI vulnerability, rampant API automotive exploits possible, AWS Vulnerability, and Cryptotheft by API This year began with API attacks leading the way as the top vector for data breaches. The entire...
Top Webinars of 2022: The Most Popular Sessions and Where to Find Them 2022 was a big year for Traceable, and we produced some great sessions to help organizations get on track with their API security initiatives. We've compiled our most popular sessions of 2022, from...
Webinar Recap: FFIEC Compliance and What It Means for API Security Earlier this month, Traceable announced our capabilities for FFIEC compliance - but you may be wondering, what exactly are the new FFIEC new guidelines, and what does that mean for API Security? To...
Traceable Announces Commitment to Respecting Data by Becoming a 2023 Data Privacy Week Champion This year’s initiative emphasizes educating businesses on data collection best practices that respect data privacy and promoting transparency. Data Privacy Week is an...
T-Mobile's API Data Breach: The API Security Reckoning is Here We are roughly three weeks into 2023, and here we are, contending with the second major API data breach of the year. If this is any indication of how this year will progress, we have some hard questions to...
Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...
Why the Pentagon Needs to Factor in API Security to Establish a True Zero Trust Strategy President Biden’s Executive Order on Cyber Security, issued in 2021, provides a strong vote of confidence for Zero Trust security models. The order requires that federal...
A Modern Approach to API Governance: Challenges and Recommendations Introduction With any IT system, old or new, adequate risk management is critical for sufficient system protection, prioritizing of issues, data privacy, and making sure appropriate compliance...
The CircleCI Data Breach: The TLDR CircleCI, a developer product focused on Continuous Integration (CI) and Continuous Deployment (CD), with over one million users, published an advisory this week urging its customers to immediately rotate all secrets following a...
Shadow APIs: The New Form of Shadow IT and What You Can Do About It While many security professionals are more than familiar with the term “Shadow IT”, Shadow APIs are just starting to become a known phenomenon. And of course they’re becoming a big deal. Most...
About the 2022 HackerOne Security Report HackerOne released its 6th annual Hacker-Powered Security Report. The Company has been surveying ethical hackers to get their perspective on cybersecurity and risk. The 2022 Hacker-Powered Security Report includes insights from...
Top Data Breaches of 2022 and What they Mean for API Security 2022 was quite a year for data breaches. Isn’t that always the story? Each year, the data breaches become worse, resulting in higher costs, brand value erosion, and effectively propel so many security...
How Jobvite Eliminated API Sprawl with Traceable’s API Security Platform The rise of distributed applications and microservices has created a new attack surface. One which is not fully understood by many security professionals or addressed by existing solutions in the...
This article will go over how defense in depth and layered security work as well as the benefits of using them.
2023 Cybersecurity Predictions: Insights on the Future of API Security from Traceable CSO, Richard Bird It's that time again! It's time for experts around the globe address the year we are leaving behind, assessing our success and failures as an industry, and thinking...
In this post, you’ll learn some essential tips and tricks about planning your cloud security architecture.
The Business Case for API Security: Why API Security? Why Now? We are just about to finish yet another year -- 2022. And in terms of cybersecurity and specifically, API Security, the past 12 months has been quite a challenge for many industries. As with any emerging...
NextRoll Gains 8x Visibility into APIs and Solves API Sprawl It's time for another customer story from Traceable! Today's blog highlights NextRoll's journey to API Security, and specifically their struggle with API Sprawl and gaining visibility into all APIs. Let's...
Cloud DLP: What It Is and Why It's Needed The 21st century has moved data storage practices from traditional modes such as the use of hard drives to incorporate cloud-based methods. Cloud data storage involves storing data in a secure manner on the internet through a...
Sensitive Data Leakage: Defined and Explained We live in a digital world where everything happens on the internet, from filling out important financial forms to online shopping. All such activities require you to fill in some sensitive data via the internet. As more...
OWASP API Top 10 for Dummies: Part III Welcome back to our blog series on the OWASP API Top 10! This is continued from Part I and Part II. If you haven’t read the first two parts in this blog series, check them out! These blogs are written for a non-technical...
Black Friday Cybersecurity: Insights from Traceable Chief Security Officer, Richard Bird. It's that time again -- the season of Black Friday and Cyber Monday, and all the cybersecurity trimmings that come along with them. This time of year, retail and e-commerce shops...
Welcome back to our blog series on the OWASP API Top 10! In Part II, we tackle Lack of Rate Limiting, Broken Function Level Authorization (BFLA), and Mass Assignment.
Read on to discover what a security posture is and tips for strengthening your posture to prevent attacks from causing significant damage.
Many business leaders remain in the dark about the dangers of bot attacks. Let’s learn about how they work, and tips for preventing them.
API Abuse: Types, Causes, and How to Defend Against Them There are a few real-life analogies we can use to describe APIs. One is that they're like doors that provide access to an underlying system. It's an apt security analogy. You want doors to open smoothly and...
OWASP API Top 10 for Dummies Part I Introduction In this blog series I will try to explain the most common threats for APIs using simple analogies. I started thinking about writing this blog last time I was visiting my grandfather. He asked me - “Inon, what do you do...
9 Must-Know Data Security Threats and How to Combat Them Companies across all industries are increasing their use of data and analytics. According to one study, 50% of data and analytics leaders say business intelligence and analytics usage is increasing. What’s more,...
This Halloween, we’re gonna imagine the scariest thing possible: a world that is…suddenly…without APIs! Imagine it. You’re used to scrolling your smartphone, connecting to maps, music, and other apps in your car. You can order ahead on your phone, you can email any...
Cybersecurity Roundup for 10.17.2022: Text4Shell Apache Commons Text vulnerability, Microsoft vulnerabilities and layoffs, and more from Operation Cuckoobees Ramifications of the Apache Commons Text4shell vulnerability, Upheaval at Microsoft, and Operation Cuckoobees...
Traceable's Co-Founder and CEO, Jyoti Bansal Named to the Enterprise Security Tech Cyber Influencer Top 10 List Jyoti Bansal, Traceable Co-Founder and CEO has been named to the Enterprise Security Tech Cyber Influencer Top 10 List and we are super excited by the...
API Security Innovation - A Security Executive Perspective Last week, Traceable’s Chief Security Officer, Richard Bird, sat down for a fireside chat to discuss API security innovation and give his perspectives on the industry, emerging threats, and where API security...
Cybersecurity Roundup for the Week of 10.10.2022: Thoma Bravo Completes Yet Another Acquisition, More API Vulnerabilities, and a US Airport Cyberattack This week, Thoma Bravo, Vista Equity and Thales made headlines on their latest rounds of acquisitions. Aqua Security...
Traceable Named a "Leader" in the 2022 GigaOm Radar for API Security Traceable has been named a Leader in the GigaOm Radar Report for API Security, and we are thrilled to be included and acknowledged in this emerging space! GigaOm Considerations for Leadership In...
This week brought us the Uber Conviction, new CISA rules on asset discovery scanning, and more details in the ransomware attack on the Los Angeles School District. Uber’s former chief security officer convicted over cover-up of 2016 data breach where hackers...
Traceable’s own Andrew Wesbecher discussed the importance of API security in the new, API-driven landscape of software development.
Cybersecurity Awareness Month 2022: New Theme, New Perspective It’s that time of year again – cybersecurity awareness month! This year’s CISA theme is See Yourself in Cyber. The intention is to bring awareness to the more human aspects of cybersecurity. Specifically,...
Attack on unauthenticated API endpoint at Optus, CISA’s Warning on Cyber Risk, and Another perspective on the Uber hack. This week witnessed an API endpoint attack at Optus. Optus is an Australian telecommunications company headquartered in New South Wales. It is...
Traceable September Webinar Lineup Here at Traceable, we’re working hard to bring you informative content and webinars, guaranteed to help inform your API security decisions. This month, we have quite the lineup of exciting topics to share. API Sprawl: What It Is and...
Even with essential safeguards in place, websites can be vulnerable. Let’s learn what an API failure is, what causes them and how to fix them.
Today, we are excited to announce API Security Testing! This addition to our API Security platform brings fully automated, closed-loop security testing to organizations’ APIs. We all remember the famous phrase of Andreessen Horowitz, “Software is eating the world”. It...
Smart companies use APIs to serve their clients. Whether the user is using a web browser or a mobile app, they're probably talking to an API. They make it easier to upgrade the user experience, add new products, and talk to new businesses and new markets. But APIs...
When people think of software architecture, they often picture layers of code. But in recent years, there's been a shift from this model—known as the monolithic approach—toward a more modular development style. This new approach, known as microservices, has given rise...
The Black Hat Conference for 2022 has concluded and, once again, there was no shortage of new emerging security technologies, informative sessions, and broader concerns surrounding APIs, data security, the software supply chain and code security. The conference was...