We are pleased to announce that Traceable AI has added a new agentless deployment option of traffic mirroring for customers who wish to deploy an API security solution to protect their API-driven applications.
API Security
Subscribe for expert insights to protect your applications.
Thanks! Your subscription has been recorded.
The Perils of Overestimating the Security of Your APIs
In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.
API Management Gateways Don’t Provide Enough Security
Bold security threats are giving rise to a new industry of API-specific security capabilities much more powerful than current management tools.
A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)
In this article, I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing. The name was changed from IDOR to BOLA as part of the project.
AWS WAF and CloudFront: How to Use Them Together
Security is really important. There is nothing like the gut-wrenching feeling of exposing users’ data. However, security isn’t the most exciting part of web development and is often ignored. Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users.
How to Test API Security: A Guide and Checklist
APIs are the pipes that connect various applications and (micro)services. As data flows through them, security is of utmost importance to prevent data leakage. Also, since APIs are like doors into your application, they’re the obvious entry point for attackers who want to break your system.
Try a DevOps Approach to Reduce Security False Positives and Negatives
Better security rules increase false positives — which causes more complacency. Better tools for creating the context for more sophisticated rules and automated workflows can help.
Planning for Modern Application Security Forensics and Exploration
As part of DevSecOps best practices, modern application developers and security teams should borrow techniques from crime scene forensics to investigate and protect against attacks.
Announcing Traceable AI – The First Free API Security Solution
Today marks an exciting milestone for us and for the security industry overall. Today, we are announcing the industry’s first free API security solution.
API Authentication and Authorization the Right Way — Part 3
Teams need to address three core elements to develop an effective yet scalable model for API security.
Shine a Light on Shadow APIs To Improve Security
Shadow APIs lurk outside the sight of normal IT governance processes. The problem: Attackers can use them to access data and applications.
How Zombie APIs Pose a Forgotten Vulnerability
Like the undead, deprecated APIs can lurk hidden in the background until an attacker gives them new life. The fix? A proper funeral.
Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough
Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
How To Avoid Exposing Private Data By Securing APIs
What cloud application security options are available to protect personal data in the API economy?
The Prescription for Vulnerable Mobile Health Apps: Protect APIs
When a security expert tested several dozen mobile health applications, all had API vulnerabilities that could leak personal information. This should be a warning call.
API Security Challenges: How to Manage APIs Amidst Continuous Change
We’re living in a world of continuous change, which makes it hard to manage APIs. Read this guide to API security challenges and how to fix them.
The Consequences of Poor Authentication and Authorization Practices in APIs
Everything You Need to Know About Authentication and Authorization in Web APIs – Part 2
Top 5 Ways To Protect Against Data Exposure
Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.
Everything You Need to Know About Authentication and Authorization in Web APIs – Part 1
Part 1: Technologies used to create web applications have fundamentally changed. Authentication and authorization techniques must change with them.
Web Application Security Is Not API Security
Traditional web security was relatively easy: defend the web application like it was the Queen’s castle. With the rise of microservices, however, application security must be smarter.
Use the OWASP API Top 10 To Secure Your APIs
Think of the OWASP API Top 10 as a checklist of vulnerabilities that bad actors can use to breach your system. Here’s how to be confident in your application security.