The Inside Trace

Categories
Date Posted
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

tag

tag

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

Introducing Traceable Cloud WAAP, the first major innovation from the combined Harness and Traceable teams. Purpose-built for modern, API-driven applications, this unified solution provides deep, context-aware protection across your web applications and APIs—wherever they run. It redefines cloud-native security with integrated capabilities in API security, bot mitigation, DDoS defense, and web app protection.
Company

April 24, 2025

The Practical Guide to Zero-Trust for APIs

The Practical Guide to Zero-Trust for APIs

Zero Trust APIs ensure security by treating all networks as compromised. Learn how to implement authentication, access control, and policies to protect APIs against threats while maintaining seamless operations.
Traceable ASPEN

February 26, 2025

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs are a powerful tool for authentication, but improper implementation can expose applications to serious security risks. Learn how attackers exploit JWT vulnerabilities and how to defend against them.
Traceable ASPEN

February 26, 2025

Announcing Traceable Bot Defense

Announcing Traceable Bot Defense

Introducing Traceable Bot Defense: Real-Time Protection Against Bot Attacks We’re excited to announce the launch of Traceable Bot Defense, a cutting-edge solution designed to identify and mitigate bot attacks in real time. By leveraging API Sequence and Access Intelligence, we provide unmatched visibility into bot behavior, empowering businesses to detect and respond with precision. Our solution bridges gaps in traditional bot defense by offering: ✅ Comprehensive Behavioral Context – Detecting automation beyond JavaScript telemetry ✅ Post-Attack Insights – Identifying compromised accounts and assessing impact ✅ Unified Protection – Breaking silos between bot mitigation and fraud prevention ✅ Flexible Response – Custom workflows to monitor and mitigate risks at critical junctures This is just the beginning. Join us in redefining bot defense for the modern digital landscape.
Blog

February 25, 2025

The Journey Continues

The Journey Continues

Company

February 11, 2025

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

Harness and Traceable to merge to create a new leader in secure software delivery.
News

February 10, 2025

ALBeast: a simple misconfiguration to a complete authentication bypass

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.
Traceable ASPEN
Security Research

December 19, 2024

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JSON Web Tokens (JWTs) offer stateless authentication in modern web applications, but improper implementation can expose critical vulnerabilities. This analysis explores attack vectors across JWT components, revealing how small oversights can lead to significant security breaches like privilege escalation and unauthorized access.
Traceable ASPEN

December 12, 2024

The Authorization Maze

The Authorization Maze

This article delves deep into the complexities of authorization in API security, exploring why implementing robust access controls is far more challenging than many engineers realize. Through real-world examples from companies like Airbnb and Uber, the author breaks down different types of authorization vulnerabilities (BOLA, BOPLA, BFLA) and explains the nuanced challenges of creating dynamic, context-aware access policies.
Security Research
API-Security

Decoding ownCloud’s Vulnerabilities: The Hidden Flaws of API Trust

Decoding ownCloud’s Vulnerabilities: The Hidden Flaws of API Trust

An in-depth analysis of three critical vulnerabilities discovered in ownCloud's API infrastructure, exposing risks in authentication, OAuth implementation, and file access controls. These security flaws highlight the importance of treating third-party APIs with enhanced scrutiny and implementing proper validation measures. Learn how these vulnerabilities were patched and what steps organizations should take to protect their systems.
Security Research
Traceable ASPEN

November 5, 2024

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Many organizations mistakenly believe that Web Application Firewalls (WAFs) or API gateways provide sufficient protection against API attacks. While these tools offer useful traffic management and basic security features, they fall short when it comes to defending against more sophisticated API threats. WAFs are designed for web applications, not the complex logic and workflows of APIs, leaving them vulnerable to business logic and shadow API attacks. Similarly, API gateways, while helpful for managing API traffic and authentication, often miss critical vulnerabilities. Understanding the limitations of WAFs and gateways is the first step in strengthening your API security strategy.
Foundations
API-Security
App Security

October 24, 2024

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Explore how criminals are exploiting selfie verification in Know Your Customer (KYC) processes for neobanks. Learn about the risks, current bypass techniques, and potential solutions for more secure digital identity verification in fintech.
API-Security
Generative AI

October 14, 2024

API Security: The Risk Threatening Australian Businesses

API Security: The Risk Threatening Australian Businesses

Explore API security ownership in modern Australian enterprises, key stakeholders, and how regulations like APRA and SOCI shape security practices and governance.
API-Security
API Security Ownership

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why “Check-the-Box” Solutions Are Insufficient for API Security
Compliance
API-Security

September 27, 2024

Securing Third Party APIs is Critical for Modern Business

Securing Third Party APIs is Critical for Modern Business

Third-party APIs are essential but risky, posing threats like data breaches and service disruptions. Securing them is key to protecting data and ensuring stability.
Blog
Foundations

September 20, 2024

Service Now RCE - The Three Keys to ServiceNow's Data Vault

Service Now RCE - The Three Keys to ServiceNow's Data Vault

Discover critical ServiceNow vulnerabilities (CVE-2024-4879, 5178, 5217) enabling remote code execution. Learn their impact & how Traceable secures your APIs.
Security Research
Traceable ASPEN

September 3, 2024

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy

Learn how to secure generative AI in applications with a Crawl - Walk - Run approach for product and application security professionals.
Generative AI

September 6, 2024

Announcing Traceable API Inspector

Announcing Traceable API Inspector

Empowering API Security with Deep Inspection
API Inspector
News
API-Security
Blog
Developer

Traceable API Security Platform Updates - June & July 2024

Traceable API Security Platform Updates - June & July 2024

Discover major improvements: enhanced data classification, UX updates for API catalog, AST changes, and a new threat activity UI for better visibility and analysis.
Releases

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

APIs are crucial for web apps but pose security risks. Traceable uncovered a critical flaw in Honeywell's BEDQ system, highlighting the need for strong API security.
Traceable ASPEN
Security Research
API-Security

August 19, 2024

Organizing API Security Around the NIST Framework

Organizing API Security Around the NIST Framework

Revolutionize your API security strategy with NIST Cybersecurity Framework 2.0. Enhance protection, detection, and incident response.
API-Security
API Security Ownership

August 2, 2024

Navigating the Road to Automotive Security

Navigating the Road to Automotive Security

Traceable ASPEN's latest research highlights urgent automotive security needs, focusing on recent API vulnerabilities, real-time tracking, and data breaches.
API-Security
Security Research
Traceable ASPEN

July 23, 2024

Who Owns API Security? Introducing the Key Players

Who Owns API Security? Introducing the Key Players

Explore key roles in API security and how collaboration among stakeholders like CISOs and product security leaders fosters robust protection.
API Security Ownership

July 18, 2024

The Regulators Are Coming for Your Washing Machine App

The Regulators Are Coming for Your Washing Machine App

Discover how the PSTI Act 2022 and 2023 regulations shape IoT security, impacting manufacturers with new compliance standards and necessary steps for adherence.
Breach Analysis
Security Research

July 30, 2024

December Software Release

December Software Release

December was an extremely busy month for Traceable as we worked with customers to protect their environments from the Log4Shell vulnerability.
Releases

February 15, 2022

Traceable API Security Platform Updates - May 2024

Traceable API Security Platform Updates - May 2024

Traceable's May 2024 updates enhance API security with compliance policies, targeted testing filters, and improved detection of advanced threats.
Releases

June 20, 2024

API Security Masterclass Recap: Where Are All the APIs, Anyway?

API Security Masterclass Recap: Where Are All the APIs, Anyway?

Missed our API Security Masterclass? Catch key insights on API types, challenges, sprawl, vulnerabilities, and mapping your API attack surface.
API-Security

February 29, 2024

How to Implement Zero Trust Security in your Applications: A Tutorial

How to Implement Zero Trust Security in your Applications: A Tutorial

Zero trust security is the best answer to modern security threats. Learn how to adopt a zero trust security model in your applications and how Traceable AI can help.
API-Security

July 1, 2022

eBPF and API Security with Traceable

eBPF and API Security with Traceable

eBPF promises to radically advance what our infrastructure, application, and security tools will be able to do. Here’s some background on what eBPF is, how it works, and why Traceable is the leading API Security solution working with eBPF.
API-Security
Technology

July 15, 2022

How to Create Your First Next.js Serverless App

How to Create Your First Next.js Serverless App

This post will walk you through how to create a next js serverless app from scratch. You'll learn how to combine and use Next.js and MongoDB.
API-Security

June 23, 2022

API Breaches: What Should I Know and How Can I Prevent Them?

API Breaches: What Should I Know and How Can I Prevent Them?

It's difficult to implement all the best practices for every possible attack vector, especially since new vulnerabilities are always being discovered. That doesn't mean you shouldn't try.
API-Security

June 30, 2022

GraphQL Fragments: How to Simplify Your API Definitions

GraphQL Fragments: How to Simplify Your API Definitions

What are GraphQL Fragments? How can you take advantage if them to write cleaner code and more efficient applications? Find out here.
API-Security

May 11, 2022

How to Think About and Test API Latency

How to Think About and Test API Latency

In this post, we'll look at API latency including how you measure it, the difference between API response time and API latency, and more.
API-Security

April 15, 2022

Deploying Serverless Applications: The What and How

Deploying Serverless Applications: The What and How

In this article, we'll discuss the benefits of serverless architectures and go through some of the best practices for deploying serverless applications.
No items found.

April 15, 2022

How to Secure Microservices: The 6 Things You Can't Forget

How to Secure Microservices: The 6 Things You Can't Forget

Thinking about how to secure microservices? In this article you'll find 6 things you can't forget when it comes to microservices security.
API-Security

April 1, 2022

March | Traceable AI Feature Release

March | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, local hosting for EU/Asia and support for agentless deployments.
Releases

April 6, 2022

Monolithic vs. Microservices Architecture: Which Should I Use?

Monolithic vs. Microservices Architecture: Which Should I Use?

In this post we learn about monolithic vs microservices architectures and understand which to use and when.
No items found.

March 25, 2022

Serverless vs Containers: What's Right for Your Application?

Serverless vs Containers: What's Right for Your Application?

Serverless vs containers: Which one is right for your application? Learn more about these two main approaches to deploying applications.
API-Security

March 29, 2022

What is a CRUD API?

What is a CRUD API?

This post explains what a CRUD API is and how to apply it to different use cases to protect and interact with data in very specific ways.
API-Security

March 28, 2022

How to Mitigate DDoS Attacks on Your APIs

How to Mitigate DDoS Attacks on Your APIs

Learn what DDoS is and what it can do to your API endpoints, how to mitigate DDOS attacks, and build a security response.
API-Security

March 20, 2022

How to Filter Using GraphQL: A Simple Tutorial

How to Filter Using GraphQL: A Simple Tutorial

GraphQL offers a much more efficient, powerful alternative to REST
No items found.

March 18, 2022

5 Best Threat Hunting Tools for Your Security Team

5 Best Threat Hunting Tools for Your Security Team

We now have advanced tools that can make threat hunting easier and more accessible. In this post, learn about 5 threat hunting tools for API security.
API-Security

March 21, 2022

What Is Business Logic? The Inquisitive Reader's Guide

What Is Business Logic? The Inquisitive Reader's Guide

When you build application software and APIs, you'll often hear about "business logic." In this post you'll learn everything about it.
API Sprawl

March 16, 2022

A Beginner's Guide to API Governance

A Beginner's Guide to API Governance

API governance involves sticking to a set of principles when building an API. It's crucial since apps, organizations, and data sources will use the API.
API-Security

March 7, 2022

February | Traceable AI Feature Release

February | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, new support for AWS Lambda serverless architecture and new privacy features for managing sensitive data.
Releases

March 18, 2022

How Can I Achieve API Compliance?

How Can I Achieve API Compliance?

The world of API compliance is more important than ever today. In this post, dig deeper into API compliance and its importance.
API-Security

March 14, 2022

What is Network Traffic Analysis?

What is Network Traffic Analysis?

Learn about Network Traffic Analysis, its importance and different strengths and weaknesses.
API-Security

March 15, 2022

4 API Security Best Practices

4 API Security Best Practices

API security is a fundamental part of web applications. It is a great tool to help protect your apps, your business, and your users.
API-Security

March 13, 2022

How to Design Delightful API Architectures

How to Design Delightful API Architectures

delightful-api-architectures
API-Security

March 8, 2022

Sensitive Data Exposure: Why It Hurts

Sensitive Data Exposure: Why It Hurts

It’s very important that we think about how not to expose sensitive data, and that’s what this article is about: Sensitive Data Exposure.
API-Security

March 7, 2022

3 API Vulnerabilities to Look Out For

3 API Vulnerabilities to Look Out For

Every week, new API vulnerabilities are open to attackers. API security is essential, especially for those who depend on them.
API-Security

March 2, 2022

What Is API Ownership and How Can It Help Your Team?

What Is API Ownership and How Can It Help Your Team?

A guide about API ownership for leadership, senior engineers, security experts, and product managers to make/work better together.
API-Security

March 6, 2022

Microservice Security Principles and Best Practices

Microservice Security Principles and Best Practices

In this post, you'll learn about the most important microservices security principles and some best practices.
API-Security

March 2, 2022

Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough

Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough

Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
API-Security
App Security

May 12, 2021

Traceable Defense AI M8 Released

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions, improved UX around threat hunting, ability to isolate per environment
Releases

April 11, 2021

AWS WAF and CloudFront: How to Use Them Together

AWS WAF and CloudFront: How to Use Them Together

Security is crucial, as exposing user data is devastating. While often overlooked, AWS CloudFront and WAF simplify security, letting you focus on features. This post covers CloudFront, WAF, and SQL injection.
API-Security
Cloud Native
Developer
Technology

September 16, 2021

API Security Trends in the Financial Sector: A CISO's Perspective

API Security Trends in the Financial Sector: A CISO's Perspective

Former CISO Richard Bird shares API security trends in finance, spotlighting insights from Traceable's "State of API Security in Financial Services" report.
State of API Security

June 12, 2024

Critical PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Critical PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

This flaw, affecting PHP on Windows, exploits a Unicode processing issue, enabling attackers to inject arbitrary command-line arguments, leading to Remote Code Execution.
Traceable ASPEN

June 12, 2024

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Improve threat detection with Traceable and Wiz integration, bringing together API and cloud security for better threat correlation, prioritization and incident response.
Cloud Native
Releases

June 6, 2024

Lessons in Securing Mobility Site Management APIs

Lessons in Securing Mobility Site Management APIs

Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the corporate network and ensure security.
Security Research
Traceable ASPEN
API-Security

May 16, 2024

Traceable Co-founder Reveals Key Drivers Behind the Company's Rapid Growth

Traceable Co-founder Reveals Key Drivers Behind the Company's Rapid Growth

Traceable co-founder and CTO Sanjay Nagaraj provided a deep dive into the factors fueling the company's remarkable success since its launch in 2018.
Company
Generative AI
News

June 11, 2024

The State of API Security at RSA 2024: Alarming Trends and Insights

The State of API Security at RSA 2024: Alarming Trends and Insights

Explore the RSA Conference 2024 survey findings on API security challenges and the urgent need for a holistic approach in a rapidly evolving digital landscape.
State of API Security

June 3, 2024

Traceable API Security Platform Updates - April 2024

Traceable API Security Platform Updates - April 2024

Explore Traceable's April 2024 updates on API security, featuring Generative AI protection, advanced DAST for GraphQL, and improved vulnerability management.
Releases

May 10, 2024

How API Flaws Allowed Students to do their Laundry for Free

How API Flaws Allowed Students to do their Laundry for Free

Smart appliances offer convenience, but security flaws in CSC ServiceWorks' laundry system allowed free cycles, raising concerns over device safety.
Breach Analysis
Security Research
Traceable ASPEN

May 30, 2024

The Confluence Of Fraud Prevention and AppSec Through API Security

The Confluence Of Fraud Prevention and AppSec Through API Security

APIs drive data exchange but attract fraud. Discover how API security platforms detect and prevent fraud while safeguarding sensitive data.
Fraud

May 22, 2024

API Security Masterclass Recap: Your Guide to the OWASP API Top 10

API Security Masterclass Recap: Your Guide to the OWASP API Top 10

Missed the live API security masterclass webinar? Don't worry! Our blog recap covers the OWASP API Top 10 and offers essential API security best practices. Discover the most critical API vulnerabilities, expert strategies for finding and addressing them, and learn the vital principles for protecting your valuable APIs.
Foundations

April 30, 2024

Understanding CVE-2024-3400 in PAN-OS GlobalProtect

Understanding CVE-2024-3400 in PAN-OS GlobalProtect

CVE-2024-3400 targets Palo Alto GlobalProtect, allowing attackers to write arbitrary files and execute system commands. Learn best practices for preventing exploits.
Breach Analysis
Security Research
Traceable ASPEN

April 23, 2024

API Security: What Every Developer Needs to Know

API Security: What Every Developer Needs to Know

APIs are the backbone of modern apps. Learn crucial API security principles to defend against OWASP Top 10 vulnerabilities, implement robust authentication, and ensure data protection.
API-Security
Developer
Foundations

April 19, 2024

API Summit 2024: Security Challenges, AI, and What's Next

API Summit 2024: Security Challenges, AI, and What's Next

API security isn't always top of mind. Here's what I learned about the challenges and the latest trends from the API Summit.
API-Security
Developer
News

March 28, 2024

To Secure Generative AI Applications, Start with Your APIs

To Secure Generative AI Applications, Start with Your APIs

Learn how API security can mitigate risks like prompt injection, sensitive data disclosure, and insecure output handling in your LLM-powered applications.
Generative AI
LLM

March 27, 2024

Traceable API Security Platform Updates - March 2024

Traceable API Security Platform Updates - March 2024

Traceable's March 2024 release enhances API security with advanced analytics, protection against GraphQL introspection & SSTI, and F5 ASM WAF integration.
Releases

April 10, 2024

Context-Aware Security: Key Driver for Enhancing API Security in 2024

Context-Aware Security: Key Driver for Enhancing API Security in 2024

APIs and API security are evolving. Context-aware security analyzes user behavior, data sensitivity, and environment factors for real-time threat responses.
API-Security
Generative AI

March 17, 2024

Data Poisoning LLM: How API Vulnerabilities Compromise LLM Data Integrity

Data Poisoning LLM: How API Vulnerabilities Compromise LLM Data Integrity

Data poisoning threatens LLMs as attackers exploit API weaknesses to corrupt AI data. Learn about attack types, impacts, and essential API security measures.
API-Security
Generative AI

March 16, 2024

Traceable API Security Platform Updates - February 2024

Traceable API Security Platform Updates - February 2024

February's releases bring security analytics, session attribution enhancements, data flow visualization, and new platform agent management features.
Releases

March 7, 2024

Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here

Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here

APIs drive digital innovation but face rising threats. Explore shocking API breach stats from Traceable's 2023 report and expert predictions for 2024 security trends.
API-Security
State of API Security

March 16, 2024

Navigating the Maze: Understanding API Sprawl and Its Implications

Navigating the Maze: Understanding API Sprawl and Its Implications

API sprawl hinders the efficiency and security of modern digital ecosystems. Explore the causes of sprawl, its potential consequences, and how to proactively manage your API environment for improved security and operational success.
API Sprawl
Blog

March 25, 2024

Weekly Cybersecurity Roundup: Week of March 15, 2024

Weekly Cybersecurity Roundup: Week of March 15, 2024

Cybersecurity news reveals: API vulnerabilities in healthcare AI, massive credential leaks, and the importance of data breach verification.
News

March 17, 2024

Traceable ASPEN: Leading the Charge in API Security Research

Traceable ASPEN: Leading the Charge in API Security Research

Discover Traceable ASPEN, a dedicated team revolutionizing API security through research on API sprawl, vulnerabilities, and threat intelligence.
Traceable ASPEN

February 29, 2024

PCI-DSS 4.0 Simplified with Traceable

PCI-DSS 4.0 Simplified with Traceable

Explore simplified PCI-DSS 4.0 compliance strategies designed to enhance data protection. Elevate security measures effortlessly.
API-Security
PCI DSS Compliance

February 14, 2024

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

A critical SSO vulnerability in a Fortune 500 app risks millions of records. Learn about SSO security risks, fixes, and protecting APIs from similar attacks.
Security Research
Traceable ASPEN
API-Security

March 5, 2024

Don't Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs

Don't Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs

Explore the complexities of API sprawl and its impact on organizational security in this insightful blog post. Discover how unknown APIs—Shadow, Zombie, and Ghost APIs—contribute to API sprawl and learn strategies for mitigating their risks.
API-Security

February 14, 2024

Traceable API Security Platform Updates - January 2024

Traceable API Security Platform Updates - January 2024

Discover Traceable's updates: API Security Testing, advanced analytics, and top tool integrations for ultimate API protection.
Company
Releases

February 7, 2024

Unlocking the Power of eBPF at Traceable

Unlocking the Power of eBPF at Traceable

Discover how eBPF's kernel-level operation enables efficient data collection and analysis, making it an essential tool for modern network and security professionals. Perfect for tech enthusiasts and professionals, this blog demystifies eBPF and highlights its critical role in enhancing API traffic monitoring and security.
API-Security

January 11, 2024

Open API Security Explained: Impact on Business and Technology

Open API Security Explained: Impact on Business and Technology

Explore "Open APIs Explained" to learn how Open APIs drive innovation in business and technology. Discover their benefits, applications and key security measures.
API-Security
State of API Security

January 27, 2024

Navigating the Aftermath of the "Mother of All Breaches"

Navigating the Aftermath of the "Mother of All Breaches"

During Data Privacy Week, the "Mother of All Breaches" exposes 26 billion records, emphasizing the urgent need for data protection.
API-Security
Breach Analysis

January 26, 2024

The Biggest Data Breaches Aren’t Even Breaches Anymore: The Rise of the Scraped Data Breach

The Biggest Data Breaches Aren’t Even Breaches Anymore: The Rise of the Scraped Data Breach

Explore the shift to scraped data breaches, data scraping challenges, and the importance of early detection and GDPR compliance in our latest blog.
Breach Analysis

January 24, 2024

Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Master E-commerce API security this holiday season with tips to detect and prevent vulnerabilities using tools like OWASP Juice Shop and Burp Suite.
Breach Analysis
Foundations

December 13, 2023

Traceable API Security Platform Updates - November 2023

Traceable API Security Platform Updates - November 2023

Discover the November 2023 updates enhancing analytics queries, threat detection, WAF integrations, and out-of-band data collection flexibility.
Releases

December 7, 2023

2023 API Security Trends: Insights, Risks, and Strategies

2023 API Security Trends: Insights, Risks, and Strategies

Explore API security essentials from Traceable's 2023 report, featuring insights on vulnerabilities, breaches, and effective risk management for IT pros.
State of API Security

December 7, 2023

Apache Struts Strikes Again! From Path Traversal to Remote Code Execution

Apache Struts Strikes Again! From Path Traversal to Remote Code Execution

Insights into Apache Struts vulnerability CVE-2023-50164 in our blog by Soujanya Namburi. Learn why it's a major concern since the 2017 Equifax breach.
Security Research

January 10, 2024

Agentless API Security in Google Cloud

Agentless API Security in Google Cloud

Traceable integrates with Google Cloud load balancers for agentless API security, enhancing protection for all API traffic in Google Cloud.
API-Security
Cloud Native

November 18, 2023

Dizzy Keys: Why API Key Rotation Matters

Dizzy Keys: Why API Key Rotation Matters

Learn essential API key security, management, and rotation to safeguard against threats. A must-read for cybersecurity professionals and online users.
API-Security
Foundations

December 5, 2023

API Security Strategies for E-Commerce Platforms

API Security Strategies for E-Commerce Platforms

Discover essential ecommerce security strategies to tackle vulnerabilities, brute force attacks, and more. Learn how all-in-one solutions like Traceable can help.
API-Security
Foundations

November 21, 2023

Traceable API Security Platform Updates - October 2023

Traceable API Security Platform Updates - October 2023

Discover October's exciting Traceable releases, featuring deep visibility into gRPC calls, enhanced event tracking, and powerful search and share capabilities.
Releases

November 8, 2023

Open Banking API Security: Financial Data Sharing & Role of Open APIs

Open Banking API Security: Financial Data Sharing & Role of Open APIs

Discover the U.S. open banking revolution: its global impact, the Open Banking Rule, CFPB's draft, and how open APIs are transforming finance.
API-Security
News

October 23, 2023

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Broken Object Level Authorization (BOLA) remains a critical vulnerability in API security, highlighted in the OWASP API Top 10. BOLA occurs when users access or manipulate resources beyond their permissions. This article delves into how BOLA manifests in APIs, its impact, and effective strategies for mitigation, emphasizing the need for comprehensive access control and vigilant application security programs.
Foundations

November 14, 2023

Traceable API Security Platform Updates - September 2023

Traceable API Security Platform Updates - September 2023

In September, Traceable AI simplified API testing, added threat analysis tools for hunting, and improved table-based explorations for a better user experience.
Releases

October 4, 2023

How Traceable Aligns to Forrester's Eight Components of API Security

How Traceable Aligns to Forrester's Eight Components of API Security

Discover how Traceable aligns with Forrester's API security report, tackling challenges and offering solutions for robust protection and governance.
API-Security

October 18, 2023

President Biden's Executive Order on Artificial Intelligence: A Cybersecurity Perspective

President Biden's Executive Order on Artificial Intelligence: A Cybersecurity Perspective

Discover how APIs support President Biden's AI Executive Order, enhancing interoperability, scalability, and security for a trustworthy AI ecosystem.
API-Security
Generative AI
News

October 30, 2023

No Results Found

Compliance
API Inspector
API Security Ownership
Blog
Technology
PCI DSS Compliance
Observability
LLM
Foundations
Developer
API Sprawl
Fraud
Security Research
Breach Analysis
News
Generative AI
Company
Traceable ASPEN
State of API Security
Releases
App Security
API-Security
Cloud Native

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

A critical SSO vulnerability in a Fortune 500 app risks millions of records. Learn about SSO security risks, fixes, and protecting APIs from similar attacks.

March 5, 2024

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

APIs are crucial for web apps but pose security risks. Traceable uncovered a critical flaw in Honeywell's BEDQ system, highlighting the need for strong API security.

August 19, 2024

Lessons in Securing Mobility Site Management APIs

Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the corporate network and ensure security.

May 16, 2024

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

Introducing Traceable Cloud WAAP, the first major innovation from the combined Harness and Traceable teams. Purpose-built for modern, API-driven applications, this unified solution provides deep, context-aware protection across your web applications and APIs—wherever they run. It redefines cloud-native security with integrated capabilities in API security, bot mitigation, DDoS defense, and web app protection.

April 24, 2025

Recent Posts

Introducing Traceable Cloud WAAP: Built for the Way Applications Work Today

April 24, 2025

The Practical Guide to Zero-Trust for APIs

February 26, 2025

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

February 26, 2025

Announcing Traceable Bot Defense

February 25, 2025

The Journey Continues

February 11, 2025

Exciting News: We’ve Merged Harness and Traceable To Create A New Leader In Secure Software Delivery

February 10, 2025

API Security

View All Blogs
arrow

The Authorization Maze

This article delves deep into the complexities of authorization in API security, exploring why implementing robust access controls is far more challenging than many engineers realize. Through real-world examples from companies like Airbnb and Uber, the author breaks down different types of authorization vulnerabilities (BOLA, BOPLA, BFLA) and explains the nuanced challenges of creating dynamic, context-aware access policies.

API Security: The Risk Threatening Australian Businesses

Explore API security ownership in modern Australian enterprises, key stakeholders, and how regulations like APRA and SOCI shape security practices and governance.

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why “Check-the-Box” Solutions Are Insufficient for API Security

September 27, 2024

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

APIs are crucial for web apps but pose security risks. Traceable uncovered a critical flaw in Honeywell's BEDQ system, highlighting the need for strong API security.

August 19, 2024

Traceable ASPEN

View All Blogs
arrow

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.

December 19, 2024

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.

December 19, 2024

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JSON Web Tokens (JWTs) offer stateless authentication in modern web applications, but improper implementation can expose critical vulnerabilities. This analysis explores attack vectors across JWT components, revealing how small oversights can lead to significant security breaches like privilege escalation and unauthorized access.

December 12, 2024

The Practical Guide to Zero-Trust for APIs

Zero Trust APIs ensure security by treating all networks as compromised. Learn how to implement authentication, access control, and policies to protect APIs against threats while maintaining seamless operations.

February 26, 2025

JWTs Under the Microscope: How Attackers Exploit Authentication and Authorization Weaknesses

JWTs are a powerful tool for authentication, but improper implementation can expose applications to serious security risks. Learn how attackers exploit JWT vulnerabilities and how to defend against them.

February 26, 2025

ALBeast: a simple misconfiguration to a complete authentication bypass

The ALBeast vulnerability represents a critical security flaw in AWS Application Load Balancer (ALB) authentication implementation that could lead to complete authentication bypass. This vulnerability, affecting over 15,000 applications, stems from improper validation of AWS-specific header claims and misconfigured security groups, allowing attackers to forge authentication tokens and impersonate legitimate users. The issue highlights the importance of proper JWT validation and security group configuration in AWS ALB implementations.

December 19, 2024

Product Updates

View All Blogs
arrow

Traceable API Security Platform Updates - June & July 2024

Discover major improvements: enhanced data classification, UX updates for API catalog, AST changes, and a new threat activity UI for better visibility and analysis.

December Software Release

December was an extremely busy month for Traceable as we worked with customers to protect their environments from the Log4Shell vulnerability.

February 15, 2022

Traceable API Security Platform Updates - May 2024

Traceable's May 2024 updates enhance API security with compliance policies, targeted testing filters, and improved detection of advanced threats.

June 20, 2024

March | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, local hosting for EU/Asia and support for agentless deployments.

April 6, 2022

February | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, new support for AWS Lambda serverless architecture and new privacy features for managing sensitive data.

March 18, 2022

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions, improved UX around threat hunting, ability to isolate per environment

April 11, 2021

The Inside Trace

Subscribe for expert insights on application security.

Thanks! Your subscription has been recorded.

or subscribe to our RSS Feed

WHY TRACEABLE
Why TraceableOur CustomersIn the NewsRequest DemoCompare Traceable
PLATFORM
API & App Discovery & Risk AssessmentAPI & App Security TestingAPI & App Runtime Protection
USE CASES
API DiscoveryShift Left SecuritySensitive Data ExfiltrationAccount TakeoverBot MitigationIncident ResponseData Privacy and Compliance
RESOURCES
OverviewRelated API Resources BlogWebinarsCustomer Peer ReviewsCase StudiesWhite PaperDatasheetsLearning CenterCustomer Success & Support
COMPANY
Sign In About TraceableCareersPressPress KitCustomer SupportSecurity and ComplianceLegalPrivacy Policy
© 2025 Harness Inc.
Subscription TermsWebsite Terms of UsePrivacy Statement
Opt Out
Do Not Sell / Share My Personal Information
Cookie Settings
© 2024 Harness Inc.