API security isn’t always top of mind. Here’s what I learned about the challenges and the latest trends from the API Summit.
API Security
Subscribe for expert insights to protect your APIs.
Thanks! Your subscription has been recorded.
Context-Aware Security as the Key Driver for Enhancing API Security in 2024
APIs are evolving, and so is API security. Context-aware security analyzes user behavior, data sensitivity, and environmental factors for real-time threat responses. Discover why it’s the future of API protection in this comprehensive blog post.
Data Poisoning: How API Vulnerabilities Compromise LLM Data Integrity
Data poisoning is a growing threat to LLMs. Learn how attackers exploit API weaknesses to corrupt AI data. This blog covers types of attacks, their impact, and essential API security measures to protect the integrity of your AI models.
Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here
APIs are the backbone of digital innovation, but they’re under attack. Learn the shocking API breach statistics from Traceable’s 2023 report and the key trends experts predict will reshape API security in 2024.
API Security Masterclass Recap: Where Are All the APIs, Anyway?
Missed our API Security Masterclass covering the wild world of APIs? No worries! We’ll recap the key takeaways on API types, security challenges, API sprawl, and the importance of API reconnaissance. Learn why developers love APIs, how to identify common API vulnerabilities, and start mapping your API attack surface for better protection.
PCI-DSS 4.0 Simplified with Traceable
Explore simplified PCI-DSS 4.0 compliance strategies designed to enhance data protection. Elevate security measures effortlessly with expert guidance, ensuring seamless adherence to industry standards.
Don’t Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs
Explore the complexities of API sprawl and its impact on organizational security in this insightful blog post. Discover how unknown APIs—Shadow, Zombie, and Ghost APIs—contribute to API sprawl and learn strategies for mitigating their risks.
Open APIs Explained: Their Impact on Business and Technology
Explore ‘Open APIs Explained: Their Impact on Business and Technology’ to understand how Open APIs drive innovation and impact tech and business. Learn about their benefits, practical applications, and essential security measures for effective and safe API integration.
The Wake-Up Call: Navigating the Aftermath of the “Mother of All Breaches”
As we observe Data Privacy Week, a time dedicated to highlighting the critical importance of data protection, the cybersecurity world is confronted with a monumental event: the “Mother of All Breaches,” a massive data breach compromising 26 billion records.
Unlocking the Power of eBPF at Traceable
Discover how eBPF’s kernel-level operation enables efficient data collection and analysis, making it an essential tool for modern network and security professionals. Perfect for tech enthusiasts and professionals, this blog demystifies eBPF and highlights its critical role in enhancing API traffic monitoring and security.
Dizzy Keys: Why API Key Rotation Matters
Dive into the essentials of API key security with our in-depth guide. Understand the significance of API key management through real-world examples. Discover the importance of regular rotation and secure handling of API keys to prevent unauthorized access and protect digital ecosystems. This article is a must-read for cybersecurity professionals and anyone interested in safeguarding their online interactions against potential threats.
Securing the Checkout: API Security Strategies for E-Commerce Platforms
Discover essential strategies for ecommerce security in our guide, focusing on common vulnerabilities and their solutions. Learn about technical and business logic issues, brute force attacks, and race conditions, and how to tackle them effectively. Gain insights into the benefits of all-in-one security platforms, with a spotlight on Traceable, an API security platform ideal for ecommerce. This article is a must-read for business owners and security professionals looking to fortify their online retail platforms against digital threats.
Agentless API Security in Google Cloud
We are very excited to announce Traceable’s latest integration with Google Cloud application load balancers to provide agentless API security in Google Cloud. At Google Cloud Next ’23, Traceable partnered with the Service Extensions team and now with the release of service extension’s public preview, Traceable customers can seamlessly integrate with Google Cloud’s application load balancers to secure all API traffic passing through them.
President Biden’s Executive Order on Artificial Intelligence: A Cybersecurity Perspective
Explore the pivotal role of APIs in the execution of President Biden’s Executive Order on AI, which aims to position the United States at the forefront of artificial intelligence innovation. Understand how APIs enhance AI interoperability, scalability, and accessibility, ensuring secure and efficient deployment across various sectors. Dive into the nuances of the Order’s strategy for a trustworthy AI ecosystem that aligns with American values and interests.
The US Open Banking Rule: A New Era of Financial Data Sharing and the Role of Open APIs
Explore the transformative power of open banking in the U.S. and its potential to reshape the global financial landscape. Dive deep into the U.S. Open Banking Rule, the CFPB’s draft rule, and the pivotal role of open APIs. Understand the benefits, challenges, and future implications of this financial revolution.
How Traceable Aligns to Forrester’s Eight Components of API Security
Explore how Traceable aligns with Forrester’s comprehensive report on the eight essential components of API security. In an era where APIs drive innovation and business growth, their security becomes paramount. Dive deep into the challenges of API security, from the rise of malicious bots to the limitations of traditional tools. Discover how Traceable’s platform addresses each of Forrester’s recommendations, offering solutions from API governance to securing third-party APIs. Stay ahead in the digital transformation journey with insights on robust API protection strategies.
Another Milestone! Traceable Wins the 2023 Cybersecurity Breakthrough Award
Explore Traceable’s award-winning approach to API security, celebrated by the 2023 CyberSecurity Breakthrough Award. Understand the pivotal role and vulnerabilities of APIs in cybersecurity, and discover how Traceable’s innovative Zero Trust API Access (ZTAA) provides unparalleled, future-proof protection for organizations in the intricate digital landscape.
11 Reasons Your WAF Can’t Secure Your APIs
WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.
Manage your external attack surface with new Traceable Sonar
Traceable Sonar efficiently identifies and catalogs these assets, granting security teams a panoramic view of their external attack surface. But it doesn’t stop at discovery. Sonar delves deep into these assets, pinpointing vulnerabilities an attacker might exploit. By mirroring the probing techniques attackers use, Traceable Sonar equips organizations with critical insights into potential security loopholes.
Traceable Named a Leader in the 2023 GigaOm Radar for API Security, Again!
Traceable Named a Leader in the 2023 GigaOm Radar for API Security, Again! Traceable has, once again, been named a leader in the GigaOm Radar for API Security! We are thrilled to be recognized for our unwavering commitment to innovation, providing the industry’s...
Unveiling the Future of APIs: Key Insights from Postman’s 2023 State of the API Report
Explore key insights from Postman’s 2023 State of the API Report in our latest blog post. We delve into the top API security risks, the improvement in API security incidents, sector-specific challenges, the threat of “zombie APIs,” and the range of API security tools available. Join us as we navigate the future of API security, turning challenges into opportunities for innovation and growth.
The 2023 Cost of a Data Breach Hits $4.45 Million: Inside IBM’s Latest Report
Explore key insights from IBM’s “2023 Cost of a Data Breach Report” in our latest blog post. We delve into the escalating costs of data breaches, the importance of strategic security investments, and the role of AI and automation in mitigating these costs. Learn about the significance of secure software development practices, including API security, in enhancing your organization’s cybersecurity posture.
Customer Story: Fintech company reduces attack surface by 10x with Traceable’s API Security Platform
We recently sat down with one of our Fintech customers to discuss their API security journey. Providing digital investment and transaction services, this Fintech company needed to solve for its rapidly expanding attack surface. In this blog, we’ll summarize their journey with Traceable, providing highlights about how they discovered and secured tens of thousands of APIs in a distributed ecosystem, eliminating manual methods in favor of automatic API cataloging and protection.
Key Takeaways from Forrester’s 2023 State of Application Security Report
Explore the key insights from Forrester’s State of Application Security report 2023 in our latest blog post. We delve into the complexities of application security, the rise of Software Composition Analysis (SCA), and the importance of API security in today’s digital landscape. Learn about the Shift-Everywhere movement and how it’s shaping the future of application security. This comprehensive analysis is a must-read for anyone looking to understand the current trends and challenges in application security.
The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled
Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.
A Deep Dive Into API Security: Unpacking Traceable’s Definitive API Security Guide
A Deep Dive Into API Security: Unpacking Traceable's Definitive API Security Guide As we navigate through the increasingly digital landscape of the 21st century, APIs have become the unseen threads that stitch together our interconnected world. They underpin our web...
Data Loss Prevention in an API-Driven World
Preventing data loss has become incredibly challenging in an API-driven world. Companies lockdown sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Cloud Security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).
40% of Organizations Do Not Have an API Security Solution – Here’s What That Means
At the 2023 RSA Conference, a survey conducted by Traceable brought some troubling facts to the surface about how organizations are handling their API security — a theme that has become ground zero in cybersecurity circles.
5 Cybersecurity Leaders to Follow in 2023
These are five cybersecurity leaders you should follow in 2023. Their contributions to the field have revolutionized our understanding of cybersecurity and paved the way for the next generation of cyber professionals.
Why APIs are a Gateway for Credential Stuffing Attacks
This informative piece is a must-read for decision-makers in the cybersecurity industry looking to bolster their defenses against API abuse and credential stuffing attacks.”
Recent MOVEit Exploits: SQL Injection to Web Shell to Data Exfiltration
In the last few weeks, the security community has been shaken by a series of exploits targeting MOVEit, a popular file transfer software. These incidents have exposed critical vulnerabilities, allowing threat actors to compromise sensitive data and exploit organizations ranging from the BBS to several arms of the US Government.
The Imperative of API Ownership: A Nexus of Development and API Security
This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.
Unpacking OWASP’s API9:2023: Improper Inventory Management
Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.
OWASP API Security Top 10 List 2023 Refresh
OWASP API Security Top 10 List 2023 Refresh, from one of the project leaders The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders - Paulo Silva, Erez Yalon, and I - Inon Shkedy, have been working together with...
Key Takeaways from the 2023 Verizon Data Breach Investigations Report
Explore the major findings from the 2023 Verizon Data Breach Investigations Report in our latest blog post. We delve into the rise of social engineering attacks, the human element in breaches, the most affected sectors, and the significance of web application attacks in today’s cybersecurity landscape.
The Double-edged Sword of Generative AI: Productivity Gain and Cybersecurity Risk
The Double-edged Sword of Generative AI: Productivity Gain and Cybersecurity Risk Artificial intelligence (AI), particularly the generative AI category, has been a game-changer in recent years. The phenomenal breakthrough, with models like OpenAI's ChatGPT, has...
Generative AI and API Security: Innovate Safely by Protecting Data Now
ChatGPT and other generative AI tools will transform business as we know it. However, enterprise teams need to move now to protect their sensitive data from being exposed, as it traverses APIs to answer user queries.
Traceable Introduces World’s First Zero Trust API Access (ZTAA) Solution
Traceable AI Introduces World’s First Zero Trust API Access (ZTAA) Solution Today we announce an industry first -- Zero Trust API Access! We are thrilled to offer such an innovative solution to our customers and the cybersecurity industry. This is a milestone, not...
How a Fintech Company achieved Context-Aware API Security to detect and block threats
Traceable Customer Story: How a Fintech Company achieved Context-Aware API Security to detect and block threats Fintech: one of the industries hardest hit by the need for API security, addressing additional API security regulations, as well as heightened risk by their...
‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor
‘Dr. Zero Trust’ Chase Cunningham Joins Traceable as an Advisor Traceable will leverage Cunningham’s industry-defining expertise to educate organizations on the intersection of API security and Zero Trust. Today we are excited to announce that Chase Cunningham, known...
The Telecom Industry: Why APIs Are Becoming their Worst Nightmare
The Telecom Industry: Why APIs Are Becoming their Worst Nightmare In the last six months, the Telecom industry has been hit by some massive, high-profile data breaches -- all of which happened by exploiting unprotected APIs. Gartner predicted that by 2022 APIs would...
Cybersecurity Roundup for February 2023: T-Mobile Fallout, ChatGPT abuse, and Shopify’s Hardcoded API Tokens
Cybersecurity Roundup - February 2023: T-Mobile Fallout, ChatGPT abuse, and Shopify's Hardcoded API Tokens This February saw a few API vulnerabilities that should serve not only as cautionary tales, but as face-palm moments. Shopify’s hard-coded API keys mean that 4...
FFIEC Compliance: The API Security Reckoning for Financial Institutions
FFIEC Compliance: The API Security Reckoning for Financial Institutions What is FFIEC Compliance? The FFIEC (Federal Financial Institutions Examination Council) is an interagency body of the U.S. government, made up of several financial regulatory agencies. It was...
OWASP API Security Top 10 2023 RC Published
OWASP API Security Top 10 2023 RC Published Why API Security? APIs have become an integral part of modern software development. APIs allow different software systems to communicate and exchange data, enabling developers to create complex applications by combining...
Traceable Wins 2023 Devies Award for Best Innovation in API Security
Traceable Wins 2023 DEVIES Award for API Security Innovation Traceable has won another award! We've been chosen as the recipient of a 2023 DEVIES Award for API Security, recognizing outstanding design, engineering, and innovation in developer technology. Since our...
Sensitive Data Exfiltration: The New Nemesis of API Security
Sensitive Data Exfiltration: The New Nemesis of API Security This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...
Traceable API Security Platform Update: End of 2022
Traceable API Security Platform Update: End of 2022 Happy New year from the Traceable team! We want to share some key product updates released in the last two months. API Catalog - Complete Visibility and API Governance Improved automatic authentication detection...
Cybersecurity Roundup for January 2023: API Attacks Front and Center
Cybersecurity Roundup for January 2023: T-Mobile data leak, CircleCI vulnerability, rampant API automotive exploits possible, AWS Vulnerability, and Cryptotheft by API This year began with API attacks leading the way as the top vector for data breaches. The entire...
Top Webinars of 2022: The Most Popular Sessions and Where to Find Them
Top Webinars of 2022: The Most Popular Sessions and Where to Find Them 2022 was a big year for Traceable, and we produced some great sessions to help organizations get on track with their API security initiatives. We've compiled our most popular sessions of 2022, from...
Webinar Recap: FFIEC Compliance and What It Means for API Security
Webinar Recap: FFIEC Compliance and What It Means for API Security Earlier this month, Traceable announced our capabilities for FFIEC compliance - but you may be wondering, what exactly are the new FFIEC new guidelines, and what does that mean for API Security? To...