Subscribe for expert insights to protect your APIs.
Thanks! Your subscription has been recorded.
The 2023 State of API Security: A Global Study on the Reality of API Risk: This report is a labor of profound research and hard work, delving into intricate matters such as API-related data breaches, the growing concern of API sprawl, API ownership, and the risks of fraud and abuse, as well as the growing role of Zero Trust in API Security initiatives.
WAFs are designed to protect your web applications from web application attacks. But they leave you vulnerable to API attacks. This blog discusses the 11 things that WAFs don’t do that are needed to properly protect APIs.
Unlock the secrets of API abuse attacks with our comprehensive blog post. Explore the anatomy of these cyber threats, from reconnaissance to data exfiltration, and delve into the extended threat landscape. Learn about advanced protective measures, industry standards, and regulations to fortify your API security. Enhance your understanding of API vulnerabilities and arm your organization with the knowledge to counteract malicious activities.
A Deep Dive Into API Security: Unpacking Traceable's Definitive API Security Guide As we navigate through the increasingly digital landscape of the 21st century, APIs have become the unseen threads that stitch together our interconnected world. They underpin our web...
Preventing data loss has become incredibly challenging in an API-driven world. Companies lockdown sensitive data internally with access controls, encryption, data classification and data loss prevention (DLP) platforms. They typically safeguard web applications with application security tooling or Web Application Firewalls (WAF). Cloud Security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs).
This blog delves into the transformative impact of API ownership on cybersecurity, arguing that security markedly improves when there is a defined owner who understands the API, its use cases, and potential vulnerabilities, and is accountable for its secure operation. API ownership, while requiring some organizational reorientation, is an investment in future-proofing against security breaches and a crucial component of an effective cybersecurity strategy.
Discover the rising significance of API inventory in the evolving landscape of cybersecurity, as highlighted by the recently updated OWASP API Top 10. Our comprehensive blog discusses the crucial role API inventory plays in securing your digital assets, especially against the backdrop of escalating industry standards and regulatory requirements.
OWASP API Security Top 10 List 2023 Refresh, from one of the project leaders The OWASP API Security project just released the new version of the OWASP Top 10 for APIs. The project leaders - Paulo Silva, Erez Yalon, and I - Inon Shkedy, have been working together with...
Sensitive Data Exfiltration: The New Nemesis of API Security This past year has brought many different industries some of the worst data breaches in history, and API data breaches have topped that list. Large companies such as T-Mobile, Optus, and several automotive...
Traceable Announces Commitment to Respecting Data by Becoming a 2023 Data Privacy Week Champion This year’s initiative emphasizes educating businesses on data collection best practices that respect data privacy and promoting transparency. Data Privacy Week is an...
Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...
A Modern Approach to API Governance: Challenges and Recommendations Introduction With any IT system, old or new, adequate risk management is critical for sufficient system protection, prioritizing of issues, data privacy, and making sure appropriate compliance...
This article will go over how defense in depth and layered security work as well as the benefits of using them.
In today’s post, we’ll guide you through the modernization of your legacy application and determine if it’s something you should implement.
In this post, you’ll learn some essential tips and tricks about planning your cloud security architecture.
The Business Case for API Security: Why API Security? Why Now? We are just about to finish yet another year -- 2022. And in terms of cybersecurity and specifically, API Security, the past 12 months has been quite a challenge for many industries. As with any emerging...
Cloud DLP: What It Is and Why It's Needed The 21st century has moved data storage practices from traditional modes such as the use of hard drives to incorporate cloud-based methods. Cloud data storage involves storing data in a secure manner on the internet through a...
Sensitive Data Leakage: Defined and Explained We live in a digital world where everything happens on the internet, from filling out important financial forms to online shopping. All such activities require you to fill in some sensitive data via the internet. As more...
OWASP API Top 10 for Dummies: Part III Welcome back to our blog series on the OWASP API Top 10! This is continued from Part I and Part II. If you haven’t read the first two parts in this blog series, check them out! These blogs are written for a non-technical...
Black Friday Cybersecurity: Insights from Traceable Chief Security Officer, Richard Bird. It's that time again -- the season of Black Friday and Cyber Monday, and all the cybersecurity trimmings that come along with them. This time of year, retail and e-commerce shops...
Welcome back to our blog series on the OWASP API Top 10! In Part II, we tackle Lack of Rate Limiting, Broken Function Level Authorization (BFLA), and Mass Assignment.
Read on to discover what a security posture is and tips for strengthening your posture to prevent attacks from causing significant damage.
Many business leaders remain in the dark about the dangers of bot attacks. Let’s learn about how they work, and tips for preventing them.
API Abuse: Types, Causes, and How to Defend Against Them There are a few real-life analogies we can use to describe APIs. One is that they're like doors that provide access to an underlying system. It's an apt security analogy. You want doors to open smoothly and...
OWASP API Top 10 for Dummies Part I Introduction In this blog series I will try to explain the most common threats for APIs using simple analogies. I started thinking about writing this blog last time I was visiting my grandfather. He asked me - “Inon, what do you do...
Applications on the internet today rely a lot on third-party integrations. And why shouldn’t they, when it helps developers focus more on the core product than tangling with different features? For instance, you could use a simple tool to handle your email marketing campaigns, or you could use a third-party payment provider to handle all the payments on your website.
Enterprises need to look beyond Web Application Firewalls to protect against API vulnerabilities
OWASP has been the face of web application security for almost 20 years. One of the most widely known contributions to the industry is the OWASP Top 10 List.
Web Application Security is security for web apps, right? As with many technical topics, there are plenty of rabbit holes to dive into when discussing web application security, but let’s focus on the critical questions many have about it.