Maintaining a complete, up to date API inventory with accurate documentation is critical to understanding potential exposure and risk.
We here at Salt are excited to share that our company and industry-first API security platform have earned us three major kudos.
Injection flaws are very common in the web application space, and they carry over to web APIs.
This issue is a catch-all for a wide range of security misconfigurations that often negatively impact API security as a whole and introduce vulnerabilities inadvertently.
API security solutions must be able to identify anomalous API activity where attackers send manipulated API requests with unauthorized parameters.
API security solutions must be able to identify and prevent attackers or unauthorized users from accessing administrative level capabilities or unauthorized functionality.
On a recent webinar with Security Boulevard, we were fortunate to host Nir Valtman, Finastra head of product and data security, to share insights into his API security journey. You can view the entire session on the Salt YouTube channel, and here are some of the highlights from the discussion.
API requests consume resources such as network, CPU, memory, and storage. The amount of resources required to satisfy a request greatly depends on the input from the user and the business logic of the endpoint.
Exploitation of Excessive Data Exposure is simple, and is usually performed by sniffing the traffic to analyze the API responses, looking for sensitive data exposure that should not be returned to the user.
Learn what pain points we uncovered as we set out to understand the state of API security – a critical window into broader enterprise security trends given that APIs underlie every revenue-generating application today.
Authentication in APIs is a complex and confusing topic. Software and security engineers might have misconceptions about what the boundaries of authentication are and how to correctly implement it.
In this post and subsequent additions to the series, we dig into each of the Open Web Application Security Project (OWASP) API Security Top 10 in detail.
While the shutdown of Parler remains politically charged, the event offers some valuable technical lessons worth reviewing, many of which tie directly into API security and how best to protect sensitive data.
Yes, that’s a vain attempt at an API joke and not your browser having issues. I wanted to draft this post to shed some light...
Changes to APIs create new challenges for security teams. See what should be top of mind for any security professional tasked with protecting APIs.
The reality is, APIs today are very different from the web APIs of the early 2000s, and these changes impact the way we need to think about the API security landscape.
We set out to empower customer success and innovation by securing every API. On the heels of our Series A funding, we’ve raised a $30 million B round, led by Sequoia Capital, with Carl Eschenbach joining our board.
I recently tuned into a CISO panel discussion and one of the panelists said something that struck me – “Application security today is less about the applications and more about the APIs.”
The OpenAPI Specification (OAS) is a way to describe and create API documentation. Learn some of the ways dev and security teams use the OAS and why it falls short when it comes to securing your APIs.
Organizations are working hard to “shift left” with security and improve the security of code. Learn why in APIs, improving security during build and initial deployment cannot provide the full answer.
Salt Security co-founder and CEO Roey Eliyahu joined the Technado Podcast this week to discuss arguably one of the most vulnerable things security teams often overlook: APIs.
In episode 5 of API Security With A Pinch Of Salt, we talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting info between parties as a JSON object.
Episode number 4 of API Security With A Pinch Of Salt is here. In this episode Chris and Ran talk about what attackers are going after when they target APIs and what they can do if they find and successfully exploit a vulnerability.
Get ready for episode number 3 of our video series called API Security With A Pinch Of Salt. In this episode, Adam and Chris answer the question - WAFs, what are they good for?
It’s time for episode number 2 of our video series called API Security With A Pinch Of Salt. In this episode, Adam, Chris and Ran dig into the topic of the importance of API documentation.
You always think the tech you’re working on is cool, but when Gartner names you a Cool Vendor, you know you’ve delivered a powerful solution.
Today we kick off a video series called API Security With A Pinch Of Salt where we dig deep into API security. In this first episode, Adam, Chris and Ran tackle the topic of using API Gateways for Security.
In light of accelerated transformation, digital platforms are now a more critical part of our lives and I’m thankful for the companies that continue to provide these services. Had we seen a similar situation 15 or 20 years back, how would we have managed?
Whether you’re already a Salt Security customer or considering Salt Security to help you protect your critical applications and services from API attacks, we are committed to API security and have comprehensive plans in place to ensure the Platform remains up and running to support our customers.
Bank robber Willie Sutton (1901-1980) did reasonably well making off with an estimated $2 million in illegal earnings throughout his career. He was a rash and resourceful robber who used disguises and trickery to achieve his ends.
Are you wondering what Salt Security does, what challenges we solve for, and how we do it? Check out this explainer video that answers all of those questions in just over one minute.
Imagine you’re on ICQ one night, and you see this dude jumping into your chat room. Before long the two of you start to argue like a couple of schoolgirls and the “dude” says that he’s gonna burn you, so you challenge him to bring it on!
The Open Web Application Security Project has been around since 2001 and is best known for the OWASP Web Application Security Top 10, which has set the standard for how orgs have approached security to protect traditional web applications.
In college, a good friend of mine got deeply involved in the martial art Aikido, where, instead of directly attacking, the defender would wait for a move from their opponent, like a lunge, and harness that momentum to take control.
At Salt Security, one of our philosophies is to provide solutions that help simplify processes and save time rather than introduce additional complexities. This is especially important when it comes to security.
If you didn’t make it to OWASP Global AppSec Tel Aviv last month, I wanted to share that the team recently published videos from the event… you can check out the entire lineup of 44 videos in the playlist here.
OWASP Global AppSec 2019 happened recently in Tel Aviv and I was lucky enough to attend, present a few sessions, meet some new people and have lots of great conversations.
Whether you realize it or not, APIs are everywhere around us and they exchange sensitive data constantly, making them a rich target for attackers, which explains why we’ve seen a significant increase in attacks targeting APIs in recent years.
The non-stop news of security breaches in recent years underscores a growing realization that organizations need to fundamentally rethink the way they protect their applications and data.
RSA Conference 2019 is just a week away and we couldn’t be more excited. 2019 has been a big year for us already and we continue the momentum with RSAC 2019.
Confidence is important when you decide to engage with a vendor. You want to know that vendor is able to deliver the service and you want to have confidence that your data is secure in their hands (or cloud as the case may be).
Most app security engineers I’ve met have settled down and found their special one. They stick with that one, stay committed, and never have a second thought about another. I’m talking about Burp and Fiddler.
You’ve probably seen the news about the USPS vulnerability where an attacker with simple access to usps.com, an understanding of the API logic, and no special tools could easily manipulate that logic to get a dump of data.