Delve into ‘Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud’ to master ecommerce API security this holiday season. Discover practical tips for detecting and preventing common API vulnerabilities that lead to digital fraud, using tools like OWASP Juice Shop and Burp Suite. This blog guides you through safeguarding your online platform against sophisticated cyber threats during the busiest shopping period.
Dizzy Keys: Why API Key Rotation Matters
Dive into the essentials of API key security with our in-depth guide. Understand the significance of API key management through real-world examples. Discover the importance of regular rotation and secure handling of API keys to prevent unauthorized access and protect digital ecosystems. This article is a must-read for cybersecurity professionals and anyone interested in safeguarding their online interactions against potential threats.
Securing the Checkout: API Security Strategies for E-Commerce Platforms
Discover essential strategies for ecommerce security in our guide, focusing on common vulnerabilities and their solutions. Learn about technical and business logic issues, brute force attacks, and race conditions, and how to tackle them effectively. Gain insights into the benefits of all-in-one security platforms, with a spotlight on Traceable, an API security platform ideal for ecommerce. This article is a must-read for business owners and security professionals looking to fortify their online retail platforms against digital threats.
Decoding and Defending Against Broken Object Level Authorization (BOLA)
Broken Object Level Authorization (BOLA) remains a critical vulnerability in API security, highlighted in the OWASP API Top 10. BOLA occurs when users access or manipulate resources beyond their permissions. This article delves into how BOLA manifests in APIs, its impact, and effective strategies for mitigation, emphasizing the need for comprehensive access control and vigilant application security programs.
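The definition above, shown in code as an added example (not code from the Traceable post): an authenticated order-lookup endpoint that fetches an object by id alone, beside a hardened version where ownership is checked as part of the lookup. The in-memory order store, user ids and order ids are constructed for the example; the "request" is a plain function call carrying the already-authenticated caller id.

```python
"""BOLA in an orders endpoint: vulnerable object lookup beside the hardened one.

Constructed example. ORDERS stands in for the database and the caller id stands
in for the identity the API has already authenticated (session, JWT, API key).
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: str
    total_cents: int
    cancelled: bool = False


# Constructed sample data: two customers with sequential, guessable order ids.
ORDERS = {
    1001: Order(1001, "alice", 4999),
    1002: Order(1002, "bob", 12000),
    1003: Order(1003, "alice", 250),
}


class NotFound(Exception):
    """Raised when the object does not exist, or must appear not to exist."""


def get_order_vulnerable(caller_id: str, order_id: int) -> Order:
    """BOLA: authentication happened, but authorization on the object did not.

    The caller id is ignored, so any logged-in user can read any order by
    walking the id space.
    """
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound(order_id) from None


def _load_owned(caller_id: str, order_id: int) -> Order:
    """Single place where the object-level check lives, reused by every
    operation on an order. A missing order and someone else's order both
    surface as NotFound so the endpoint does not confirm that a guessed id
    exists."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != caller_id:
        raise NotFound(order_id)
    return order


def get_order_secure(caller_id: str, order_id: int) -> Order:
    """Read with object-level authorization enforced."""
    return _load_owned(caller_id, order_id)


def cancel_order_secure(caller_id: str, order_id: int) -> Order:
    """Mutation with the same check; BOLA covers manipulation, not only reads."""
    order = _load_owned(caller_id, order_id)
    updated = replace(order, cancelled=True)
    ORDERS[order_id] = updated
    return updated


def enumerate_orders(fetch, caller_id: str, id_range) -> list:
    """What an attacker does against a BOLA-prone endpoint: iterate ids with
    their own session and keep every order that comes back."""
    leaked = []
    for oid in id_range:
        try:
            leaked.append(fetch(caller_id, oid))
        except NotFound:
            continue
    return leaked


if __name__ == "__main__":
    # Bob owns one order, but the vulnerable endpoint hands him all three.
    print(len(enumerate_orders(get_order_vulnerable, "bob", range(1000, 1010))))
    print(len(enumerate_orders(get_order_secure, "bob", range(1000, 1010))))
```

The design point is that the ownership check sits inside the data-access helper rather than in each handler, so a new endpoint (cancel, refund, export) cannot forget it; the equivalent in a real service is a repository method or ORM scope that always filters by the caller's identity.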
Unveiling the 2023 State of API Security: A Panoramic Industry View
The 2023 State of API Security: A Global Study on the Reality of API Risk: This report is a labor of profound research and hard work, delving into intricate matters such as API-related data breaches, the growing concern of API sprawl, API ownership, and the risks of fraud and abuse, as well as the growing role of Zero Trust in API Security initiatives.
11 Reasons Your WAF Can’t Secure Your APIs
WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.
The Anatomy of an API Abuse Attack: A Hacker’s Process Unveiled
Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.
A Deep Dive Into API Security: Unpacking Traceable’s Definitive API Security Guide
As we navigate through the increasingly digital landscape of the 21st century, APIs have become the unseen threads that stitch together our interconnected world. They underpin our web...
Data Loss Prevention in an API-Driven World
Preventing data loss has become incredibly challenging in an API-driven world. Companies lock down sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAFs). Cloud security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).
The Imperative of API Ownership: A Nexus of Development and API Security
This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.
Unpacking OWASP’s API9:2023: Improper Inventory Management
Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.
OWASP API Security Top 10 List 2023 Refresh
From one of the project leaders: The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders, Paulo Silva, Erez Yalon, and I, Inon Shkedy, have been working together with...
Sensitive Data Exfiltration: The New Nemesis of API Security
This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...
Traceable Announces Commitment to Respecting Data by Becoming a 2023 Data Privacy Week Champion
This year's initiative emphasizes educating businesses on data collection best practices that respect data privacy and promoting transparency. Data Privacy Week is an...
How API Abuse Became the Top Vector for Data Breaches
Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...
A Modern Approach to API Governance: Challenges and Recommendations
Introduction: With any IT system, old or new, adequate risk management is critical for sufficient system protection, prioritizing of issues, data privacy, and making sure appropriate compliance...
Defense in Depth: A Guide to Layered Security
This article will go over how defense in depth and layered security work as well as the benefits of using them.
A Guide to Modernizing Legacy Applications
In today’s post, we’ll guide you through the modernization of your legacy application and determine if it’s something you should implement.
How to Plan Your Cloud Security Architecture
In this post, you’ll learn some essential tips and tricks about planning your cloud security architecture.
The Business Case for API Security: Why API Security? Why Now?
We are just about to finish yet another year, 2022. In terms of cybersecurity and specifically API security, the past 12 months have been quite a challenge for many industries. As with any emerging...
Cloud DLP: What It Is and Why It’s Needed
The 21st century has moved data storage practices from traditional modes such as the use of hard drives to incorporate cloud-based methods. Cloud data storage involves storing data in a secure manner on the internet through a...
Sensitive Data Leakage: Defined and Explained
We live in a digital world where everything happens on the internet, from filling out important financial forms to online shopping. All such activities require you to fill in some sensitive data via the internet. As more...
OWASP API Top 10 for Dummies: Part III
Welcome back to our blog series on the OWASP API Top 10! This is continued from Part I and Part II. If you haven't read the first two parts in this blog series, check them out! These blogs are written for a non-technical...
Black Friday Cybersecurity: Top 5 Insights from Traceable Chief Security Officer
Black Friday Cybersecurity: Insights from Traceable Chief Security Officer, Richard Bird. It's that time again -- the season of Black Friday and Cyber Monday, and all the cybersecurity trimmings that come along with them. This time of year, retail and e-commerce shops...
OWASP API Top 10 for Dummies: Blog Series, Part II
Welcome back to our blog series on the OWASP API Top 10! In Part II, we tackle Lack of Rate Limiting, Broken Function Level Authorization (BFLA), and Mass Assignment.
Security Posture: A Leader’s Guide to Evaluating and Improving It
Read on to discover what a security posture is and tips for strengthening your posture to prevent attacks from causing significant damage.
A Leader’s Guide to Understanding and Preventing Bot Attacks
Many business leaders remain in the dark about the dangers of bot attacks. Let’s learn about how they work, and tips for preventing them.
API Abuse: Types, Causes, and How to Defend Against Them
There are a few real-life analogies we can use to describe APIs. One is that they're like doors that provide access to an underlying system. It's an apt security analogy. You want doors to open smoothly and...
OWASP API Top 10 for Dummies Part I
Introduction: In this blog series I will try to explain the most common threats for APIs using simple analogies. I started thinking about writing this blog the last time I was visiting my grandfather. He asked me, "Inon, what do you do...
API vs Webhooks: How to Know When to Use Each
Applications on the internet today rely a lot on third-party integrations. And why shouldn’t they, when it helps developers focus more on the core product than tangling with different features? For instance, you could use a simple tool to handle your email marketing campaigns, or you could use a third-party payment provider to handle all the payments on your website.
WAF Versus NGWAF: How They Evolved and Where They Still Fall Short
Enterprises need to look beyond Web Application Firewalls to protect against API vulnerabilities
What is the OWASP Top 10?
OWASP has been the face of web application security for almost 20 years. One of the most widely known contributions to the industry is the OWASP Top 10 List.
What is Web Application Security?
Web Application Security is security for web apps, right? As with many technical topics, there are plenty of rabbit holes to dive into when discussing web application security, but let’s focus on the critical questions many have about it.