We are pleased to announce that Traceable AI has added a new agentless deployment option of traffic mirroring for customers who wish to deploy an API security solution to protect their API-driven applications.
Cloud-native
Subscribe for expert insights to protect your applications.
Thanks! Your subscription has been recorded.
Jyoti Bansal Interview
TechStrongTV interviews Jyoti Bansal, 3-time entrepeneur, about his latest startup in the cloud native application security space, Traceable AI.
Traceable AI Datasheet
The Traceable AI product overview, summarized in a hand-out format.
Traceable AI Overview Demo
In this 12 minute video see an overview of Traceable Defense AI and how it uses security observability with artificial intelligence and machine learning to secure modern application architectures and their API’s.
The Price of Hubris: The Perils of Overestimating the Security of Your APIs
This e-book offers a warning on what happens when you overestimate the security of your APIs. It provides a look into the tactics and techniques of API hacker Alissa Knight.
The Practical Guide to API Security
Aaron Lieberman shares best practices and insights into API security. This eBook is intended for developers, technical leads, architects, and leaders interested in building and securing a robust API environment.
The Perils of Overestimating the Security of Your APIs
In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.
A Better Way to Secure Your Apps and APIs – Introducing Traceable
Learn about Traceable and hear from expert customers and advisors about cloud-native application security
API Management Gateways Don’t Provide Enough Security
Bold security threats are giving rise to a new industry of API-specific security capabilities much more powerful than current management tools.
Evolution of Application Security – and where next
Learn how modern application architectures are driving an evolution and transformation in how applications are protected and secured.
Can Security Keep up with the Pace of Change?
New technologies are revolutionizing software development, but they potentially come with their own vulnerabilities. Is modern application development leaving you open to attack?
API and Modern Application Security
Requirements for securing modern applications. Learn how application security must evolve to protect modern cloud-native applications.
Introduction to the API Security Landscape
Learn about APIs and why they are so important for securing your web applications.
What can AI do for API Security
Using machine learning for cloud-native application security
Continuous Delivery and Application Security – The Future
In this webinar, Jyoti Bansal, CEO and Founder, Traceable.AI and Harness.io, explains how the new technologies of micro services, APIs, and cloud-native architectures have created new attack surfaces and potential vulnerabilities, and the things we are doing to help close the gaps.
Why API Security? (KubeCon 2021)
Alan Shimel , Founder of Security Boulevard and Ashish Kuthiala, CMO of Traceable AI, discuss the importance of API Security for engineering teams and how to get get started.
Think your Applications & API are Secure? They Aren’t (KubeDaily DevSec Ops Conf 2021)
The growing use of APIs means new API attack surfaces and methods that today’s security tools are inadequate to protect against. We’ll discuss what’s changed and what you can do about it.
CISO Panel: Cloud Native Security Challenges & Solutions
Leading CISOs share their insights on cloud-native application security challenges and solutions
OWASP API Top 10 Webinar Series Episode I
Episode I: Project Background and the Most Significant Threat to APIs
OWASP API Top 10 Webinar Series Episode II
Episode II: Broken User Authentication, Excessive Data Exposure, Resources & Rate Limiting, and Broken Function Level Authorization
OWASP API Top 10 Webinar Series Episode IIII
Episode III: Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging & Monitoring
OWASP API Top 10 Webinar Series Episode IV
Episode IV: The Attacker’s Perspective, Approaches To API Pentesting, Best Tools For Finding Entry Points
API and Application Security (API Days London Talk)
Presentation to API Days London on API security and why we need to change our approach to application security given the new landscape of cloud-native, microservices and API-driven applications. Also covers Traceable AIs approach.
API Security: Everything you need to know to protect your APIs
APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. Aaron Lieberman (Big Compass), Dan Gordon (Traceable AI) cover how to go about doing so.
Secure your GraphQL & gRPC APIs
Come hear about the latest protocols supported in Traceable AI.
A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)
In this article, I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing. The name was changed from IDOR to BOLA as part of the project.
Managing Security and Risk throughout the Digital Transformation Process
With digital transformation in the financial service sector accelerating faster than ever, securing the technologies has never been more important. Our panelists explore the new challenges.
Problems Runtime Application Self-Protection (RASP) Doesn’t Solve
RASP, or Runtime Application Self-Protection, is a modern security technology that protects web applications from attacks during runtime. We’ll take a deeper look into RASPs. What their advantages are, and what their disadvantages are.
Observability: Present & Future
Observability plays an important role in a world full of modern cloud-native applications. It helps us to understand complex architectures, the root cause of the problems, and performance issues easily. In this Panel discussion, we will discussour panelists’ visions around observability.
Scaling the kafka consumer for a machine learning service in python
Imagine you are supposed to build a python service using machine learning model (trained offline) to detect if a web request is anomalous or not. The requests are coming at a rate of 1000 per second initially but will gradually increase as your main application reaches more customers.
Traceable AI Software Release – Fall 2021 Update
At Traceable, we’ve been keeping very busy in the last couple of months. During this time, we launched a number of exciting new offerings and key features with the continued aim to help our customers to have the best API Security solution in the industry.
AWS WAF and CloudFront: How to Use Them Together
Security is really important. There is nothing like the gut-wrenching feeling of exposing users’ data. However, security isn’t the most exciting part of web development and is often ignored. Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users.
How to Test API Security: A Guide and Checklist
APIs are the pipes that connect various applications and (micro)services. As data flows through them, security is of utmost importance to prevent data leakage. Also, since APIs are like doors into your application, they’re the obvious entry point for attackers who want to break your system.
WAF vs. RASP: A Comparison and Guide to Leveraging Both
The majority of organizations rely heavily on third-party web applications connected through APIs to generate revenue and serve customers. In many cases, these web applications contain security vulnerabilities.
Try a DevOps Approach to Reduce Security False Positives and Negatives
Better security rules increase false positives — which causes more complacency. Better tools for creating the context for more sophisticated rules and automated workflows can help.
Planning for Modern Application Security Forensics and Exploration
As part of DevSecOps best practices, modern application developers and security teams should borrow techniques from crime scene forensics to investigate and protect against attacks.
Announcing Traceable AI – The First Free API Security Solution
Today marks an exciting milestone for us and for the security industry overall. Today, we are announcing the industry’s first free API security solution.
API Authentication and Authorization the Right Way — Part 3
Teams need to address three core elements to develop an effective yet scalable model for API security.
Shine a Light on Shadow APIs To Improve Security
Shadow APIs lurk outside the sight of normal IT governance processes. The problem: Attackers can use them to access data and applications.
Traceable wins 2021 Fortress Cyber Security Award
Traceable was just named winner of the 2021 Fortress Cyber Security Award for application security. As CTO and co-founder, here’s my thoughts on this.
What is Zero Trust in the Cybersecurity Executive Order
The president of the United States signed an Executive Order on improving the Nation’s Cybersecurity. It covers many things, one of which is zero trust architecture. What does this mean?
How Zombie APIs Pose a Forgotten Vulnerability
Like the undead, deprecated APIs can lurk hidden in the background until an attacker gives them new life. The fix? A proper funeral.
Traceable Winner of the Global InfoSec Awards for Next-Gen in Cybersecurity Artificial Intelligence
Traceable was just named winner of the Global InfoSec Awards for Next-Gen in Cybersecurity Artificial Intelligence during RSA Conference 2021. As CEO and co-founder, here’s my thoughts on this.
Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough
Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
How RASP Has Transformed App Security. What’s Next?
Runtime Application Security-Protection tools have evolved from standalone technology to essential components guarding web applications.
WAF Versus NGWAF: How They Evolved and Where They Still Fall Short
Enterprises need to look beyond Web Application Firewalls to protect against API vulnerabilities
Rise of Broad Reliance on APIs Brings Novel Vector for Security Concern and Need for New Defense
A discussion with Traceable AI CEO and co-founder Jyoti Bansal on how APIs, microservices, and cloud-native computing form a new frontier for cybersecurity vulnerabilities -- as well as opportunities for innovative defenses and resilience.
Why I Joined Traceable
This blog about why my career transition to Traceable has taken longer than expected. My new job in this dynamic company has kept me very busy — in a good way.
How To Avoid Exposing Private Data By Securing APIs
What cloud application security options are available to protect personal data in the API economy?
The Prescription for Vulnerable Mobile Health Apps: Protect APIs
When a security expert tested several dozen mobile health applications, all had API vulnerabilities that could leak personal information. This should be a warning call.