Google launched a preview version of a service called Advanced API Security aimed at helping organizations combat growing threats targeting application programming interfaces (APIs). The goal of the service, built on the API management platform Apige…
Tag: API security
Europe, Global Security News, North America
Feeble APIs = Feeble app security
by Jeff Williams, Co-Founder, Chief Technology Officer •
Your apps are only as secure as each one of your scores of APIs.
The post Feeble APIs = Feeble app security appeared first on Security Boulevard.
Global Security News, North America
Properly securing APIs is becoming increasingly urgent
by Help Net Security •
Imperva released a new study that uncovers the rising global costs of vulnerable or insecure APIs. The analysis of nearly 117,000 unique cybersecurity incidents estimates that API insecurity results in $41-$75 billion of losses annually. The study, con…
Europe, Global Security News, North America
How to Use API Schema to Improve API Protection
by Tom Hickman •
What Is an API Schema? The RESTful API design pattern is in use by an overwhelming majority of enterprise software projects that rely on machine-to-machine communication. The OpenAPI Standard, now in its third revision–OAS3–defines the functionality b…
Europe, Global Security News, North America
Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)
by wlrmblog •
Background: On June 20, 2022, Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability…
Europe, Global Security News, North America
Why the Long View Matters in API Attack Protection
by Bret Settle •
In API attack protection, context is key. The old-school method of looking for attack signatures then swatting away threats as they emerge will not be effective against contemporary API attacks. Attackers are sophisticated, stealthy, and patient: API a…
Europe, Global Security News, North America, Vulnerabilities
Radware Survey Reveals API Security Weaknesses
by Michael Vizard •
A survey published today suggests there is a disconnect between the perceived and actual level of security being applied to application programming interfaces (APIs). The survey polled 203 IT professionals in Europe, Asia and North America from organi…
Europe, Global Security News, North America
The Danger of API Security Overconfidence: Four Takeaways from Radware’s 2022 State of API Security Survey
by Prakash Sinha •
A short list of the companies that have suffered recent API-related breaches is a who’s-who of the global technology brain trust: Microsoft, Venmo, Equifax, Instagram, Facebook, Amazon, PayPal, and many others. If even these tech-savvy organizations …
Europe, Global Security News, North America, Vulnerabilities
Noname Security Expands API Security Platform
by Michael Vizard •
Noname Security has updated its platform for securing application programming interfaces (APIs) to make it possible to discover them in seconds and then automatically remediate vulnerabilities when discovered. In addition, Noname API Security Platform…
Global Security News, North America
API security warrants its own specific solution
by Help Net Security •
Application programming interfaces (APIs) enable developers to quickly and easily roll out services, but they’re also equally attractive to attackers. This is because they can provide ready access to back-end systems and sensitive data sets. What makes …
Global Security News, North America
Top three most critical areas of web security
by Help Net Security •
Akamai Technologies revealed three research reports at the RSA Conference 2022, focusing on three of the most critical areas of web security: ransomware, web applications and APIs, and DNS traffic. Analyzing trillions of data points across its multiple…
Europe, Global Security News, North America
IOCs in your APIs
by Jason Kent •
When our customers engage the CQ Prime Threat Research Team for help, it is typically driven by some sort of compelling event. It may have been a potential compliance issue from an exposed API, an aggressive Account Take Over or Shopping Bot attack. In…
Europe, Global Security News, North America
3 Reasons Why API Security Issues Are Growing
by Guest Author •
In September 2018, Facebook discovered an API loophole leveraged by cyber criminals to expose the information of over 50 million users. This incident and many others clarified that not considering Application Programming Interface (API) security is a r…
Europe, Global Security News, North America
Unified API Protection – A Solution Whose Time Has Come
by Ameya Talwalkar •
Unknown, Unprotected, Unmitigated API Risk: Application Programming Interfaces (APIs) are the glue that makes mobile and web applications work. And their use is exploding. Driven by user expectations of smooth and engaging application experiences, APIs ha…
Europe, Global Security News, North America
Unified API Protection: Making Today’s API Landscape Secure
by Varun Kohli •
A massive segment of organizations’ digital footprint today is built around APIs, internal and external. As more IT leaders are realizing and acknowledging the size of APIs’ influence, it’s become clear that new methods are needed to make those APIs se…
Europe, Global Security News, North America
Discover Public API Attack Surface with new API Spyder
by Subbu Iyer •
Today, we are proud to announce the availability of API Spyder, the newest addition to the Cequence Unified API Protection (UAP) solution. API Spyder is the newest offering in the Cequence Unified API Protection solution. The Cequence Unified API Prote…
Europe, Global Security News, North America
New Research Confirms Need for End-to-End API Security
by Matt Keil •
Up until just a few years ago, web applications were the dominant platform for all things digital and APIs were tools used to address development corner cases. Driven by mobile device ubiquity, the adoption of the cloud, and the move towards agile, mor…
Security Bloggers, Security Vendor News
A Problem Like API Security: How Attackers Hack Authentication
by Tripwire Guest Authors •
There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants…
Europe, Global Security News, North America
Get API Protection Best Practices With “The Definitive Guide to API Attack Protection”
by Suzanne Ciccone •
In recent months, we’ve been fielding a lot of questions about API security from our prospects and customers. We know it’s top of mind for many security professionals today, and it’s why we were thrilled to help play a role in creating The Definitive G…
Europe, Global Security News, North America
RSAC 2022 – The Year of API Security
by ferrisbuller •
Not only is RSAC back in person, but API security is coming to the forefront. Wallarm, the G2 leader in Application Security, is thrilled to be back at RSAC where we will show off all of our new API Security capabilities and tools since we last saw eve…
Europe, Global Security News, North America
What is OpenAPI and how does it affect API security?
by Matt Keil •
When it comes to application development via APIs, there are a few questions that can determine both the quality of the resulting code and the security posture of the applications in production. One such question: Does your organization use a common AP…
Security Vendor News
3 Recommendations to Ensure Your API Security Solution can Drive Data Visibility and Quality
by Bruce Lynch •
Today at least 90% of developers are using APIs in cloud-native web application development. According to new data collected by Forrester Research and presented in their report, Improve API Performance with a Sound API Security Strategy, 62 percent of IT decision makers believe the value they gain from APIs is worth the adoption process so […]
Europe, Global Security News, North America
API Security and Cloud: What you Need to Know
by Ross Moore •
The internet is much like a shopping mall—intended to be open. And because it is designed to be open to the public, there’s little to stop anyone from entering. Security guards and law enforcement are present, but even several officers in 800,00…
Europe, Global Security News, North America
The Rise of APIs and Risks of API Security
by Matt Graves •
Some strange phrases have become cultural touchstones: “Hey, Siri,” “Hey, Alexa,” and “Hey, Google.” If you’ve ever uttered any of these phrases to ask for directions, play a song or find out the score of a game then you’ve used an API—an application …
Europe, Global Security News, North America
State of API Security Activity
by The CQ Prime Team •
A recap of API threat statistics and unique threat patterns observed by the Cequence CQ Prime Threat Research Team. Summary of Key Findings: Unusual uptick in traffic from China spiking at a 200% increase; User-experience business logic was abused to com…
Europe, Global Security News, North America
Using an API Security Checklist: What Should You Look For?
by Matt Keil •
What is the true definition of API security? This is an important question for IT security leaders to ponder, because of the explosion in API usage in recent years, but if you ask 10 tech stakeholders, you’ll receive 10 different answers. No matter the…
Europe, Global Security News, North America
Evasive Bots Drive Online Fraud – 2022 Imperva Bad Bot Report
by Erez Hasson •
The 2022 Imperva Bad Bot Report is now available. The report is the ninth annual in-depth analysis of bot traffic, created with data collected from Imperva’s global network throughout the past year by the Imperva Threat Research Team. Bad bots are soft…
Europe, Global Security News, North America
Two critical security flaws found in Nginx-Ingress controller
by Ivanwallarm •
Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes Cluster. It’s also configured with Kubernetes API to deploy objects …
Europe, Global Security News, North America
CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code
by Ivanwallarm •
On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8. The vulnerability was discovered internally by the F…
Security Vendor News
Forrester Report Reveals the 5 Benefits IT Teams Really Need from API Security Tools
by Bruce Lynch •
An Application Programming Interface (API) is a software intermediary that allows applications to communicate with one another. APIs provide routines, protocols, and tools for developers to facilitate and accelerate the creation of software applications. They enable applications to easily access and share data. APIs connect Web-based applications and other services or platforms, such as social […]
Europe, Global Security News, North America
Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain
by The CQ Prime Team •
While helping our customers validate their patching efforts, the CQ Prime Threat Research team found additional unpatched servers with the Log4j vulnerability hidden within their digital supply chain, dubbed LoNg4j. The Risks: The Log4j vulnerability is…
Europe, Global Security News, North America
Think Like an Attacker: How to Add Security Into API and App Development
by Austin Jones •
I’m not a security professional; I’m an engineer. But when you work at a startup, you often need to be both. I’ve worked at several startups over the years, and have discovered ways to shift my engineering mindset to include a security focus and to inc…
Europe, Global Security News, North America
What’s New: Cequence API Security Platform Further Advances End-to-End Vulnerability and Automated Attack Mitigation
by Subbu Iyer •
The Cequence API Security platform v5.1 release combines the Bot Defense and API Sentinel capabilities into a single integrated release and adds new capabilities to streamline administration and enhance API vulnerability and automated bot attack mitiga…
Europe, Global Security News, North America
API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot
by Bruce Lynch •
Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your …
Europe, Global Security News, North America
ThreatX Update Provides More Visibility Into API Security
by Michael Vizard •
ThreatX today expanded its namesake platform for protecting application programming interfaces (APIs) to provide increased visibility into the size of the attack surface and the scope of the attacks being launched against APIs. In addition, the latest…
Europe, Global Security News, North America
Announcing New ThreatX API Protection Capabilities
by Bret Settle •
We’re pleased to announce that we have expanded and enhanced our API protection capabilities to give customers better protection and better visibility into their API attack surface. The new capabilities will give customers: Deeper insight into the sc…
Global Security News, North America
41% of businesses had an API security incident last year
by Help Net Security •
In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products. As dependen…
Security Vendor News
Reading the API Security Tea Leaves for 2022
by Lebin Cheng •
Just as the global pandemic persists in redefining the new norm, so have enterprises’ growing investments in digital transformation initiatives to keep one step ahead of their competitors. APIs are the engine that is helping drive these digital transformations from the innovation of new services across multiple platforms to the always-on challenge of services supported […]
Security Vendor News
APIs Are Here to Stay, so Get in Front of Securing Them
by Bruce Lynch •
A recent IDC survey reported that 38 percent of organizations identified cybersecurity threats and regulations as the factor having the greatest impact on their technology investment planning over the next two years. The survey also revealed that for organizations taking a digital-first business approach, unifying security was cited most frequently as their principal motivation. This […]
Europe, Global Security News, North America
Growing Attacks Underscore the Importance of API Security
by Kayleigh Bridges •
Similar to how a mobile app is an application which runs on a smartphone, a web app refers to a software application that carries out a particular function using a web browser for a client. The first web applications date back decades, long before the …