Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Delve into ‘Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud’ to master ecommerce API security this holiday season. Discover practical tips for detecting and preventing common API vulnerabilities that lead to digital fraud, using tools like OWASP Juice Shop and Burp Suite. This blog guides you through safeguarding your online platform against sophisticated cyber threats during the busiest shopping period.

Dizzy Keys: Why API Key Rotation Matters

Dive into the essentials of API key security with our in-depth guide. Understand the significance of API key management through real-world examples. Discover the importance of regular rotation and secure handling of API keys to prevent unauthorized access and protect digital ecosystems. This article is a must-read for cybersecurity professionals and anyone interested in safeguarding their online interactions against potential threats.

Securing the Checkout: API Security Strategies for E-Commerce Platforms

Discover essential strategies for ecommerce security in our guide, focusing on common vulnerabilities and their solutions. Learn about technical and business logic issues, brute force attacks, and race conditions, and how to tackle them effectively. Gain insights into the benefits of all-in-one security platforms, with a spotlight on Traceable, an API security platform ideal for ecommerce. This article is a must-read for business owners and security professionals looking to fortify their online retail platforms against digital threats.

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Broken Object Level Authorization (BOLA) remains a critical vulnerability in API security, highlighted in the OWASP API Top 10. BOLA occurs when users access or manipulate resources beyond their permissions. This article delves into how BOLA manifests in APIs, its impact, and effective strategies for mitigation, emphasizing the need for comprehensive access control and vigilant application security programs.

Unveiling the 2023 State of API Security: A Panoramic Industry View

The 2023 State of API Security: A Global Study on the Reality of API Risk: This report is a labor of profound research and hard work, delving into intricate matters such as API-related data breaches, the growing concern of API sprawl, API ownership, and the risks of fraud and abuse, as well as the growing role of Zero Trust in API Security initiatives.

11 Reasons Your WAF Can’t Secure Your APIs

WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.

The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled

Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.

Data Loss Prevention in an API-Driven World

Preventing data loss has become incredibly challenging in an API-driven world. Companies lock down sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAFs). Cloud security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).

The Imperative of API Ownership: A Nexus of Development and API Security

This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.

Unpacking OWASP’s API9:2023: Improper Inventory Management

Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.

OWASP API Security Top 10 List 2023 Refresh

From one of the project leaders: The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders, Paulo Silva, Erez Yalon, and I, Inon Shkedy, have been working together with...

Sensitive Data Exfiltration: The New Nemesis of API Security

This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...

How API Abuse Became the Top Vector for Data Breaches

Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...

The Business Case for API Security: Why API Security? Why Now?

We are just about to finish yet another year, 2022. And in terms of cybersecurity and specifically API security, the past 12 months have been quite a challenge for many industries. As with any emerging...

Cloud DLP: What It Is and Why It’s Needed

The 21st century has moved data storage practices from traditional modes such as the use of hard drives to incorporate cloud-based methods. Cloud data storage involves storing data in a secure manner on the internet through a...

Sensitive Data Leakage: Defined and Explained

We live in a digital world where everything happens on the internet, from filling out important financial forms to online shopping. All such activities require you to fill in some sensitive data via the internet. As more...

OWASP API Top 10 for Dummies: Part III

Welcome back to our blog series on the OWASP API Top 10! This is continued from Part I and Part II. If you haven’t read the first two parts in this blog series, check them out! These blogs are written for a non-technical...

API Abuse: Types, Causes, and How to Defend Against Them

There are a few real-life analogies we can use to describe APIs. One is that they're like doors that provide access to an underlying system. It's an apt security analogy. You want doors to open smoothly and...

OWASP API Top 10 for Dummies Part I

Introduction: In this blog series I will try to explain the most common threats for APIs using simple analogies. I started thinking about writing this blog last time I was visiting my grandfather. He asked me, “Inon, what do you do...

API vs Webhooks: How to Know When to Use Each

Applications on the internet today rely a lot on third-party integrations. And why shouldn’t they, when it helps developers focus more on the core product than tangling with different features? For instance, you could use a simple tool to handle your email marketing campaigns, or you could use a third-party payment provider to handle all the payments on your website.

What is the OWASP Top 10?

OWASP has been the face of web application security for almost 20 years. One of the most widely known contributions to the industry is the OWASP Top 10 List.

What is Web Application Security?

Web Application Security is security for web apps, right? As with many technical topics, there are plenty of rabbit holes to dive into when discussing web application security, but let’s focus on the critical questions many have about it.