Dedicated API security tooling, and specifically platforms that provide full life cycle security capabilities, help organizations that are facing the problem of API sprawl.
The Salt API Security Maturity Model was created with simplicity in mind rather than the complexity that comes with hundreds of activities and measures.
Salt Security has compiled a list of API security best practices based on field experience and customer feedback.
If 2022 is anything like 2021, we’ll see no shortage of API-related events this coming year. In no particular order of likelihood or preference, take a look at seven predictions for API security for 2022.
We’ve spotlighted the seven biggest API security incidents in 2021, which plagued companies of many sizes across verticals, and highlighted what we can take away from each event.
Evaluating and selecting API security tooling is a critical part of an API security strategy and of mitigating API attacks.
This API Security Checklist will help you close the gaps in your API security strategy based on industry best practices.
REST APIs are one of the most common kinds of web services in use today. It’s imperative to design REST APIs properly, taking into account security, performance, and ease of use for REST API consumers.
Credential stuffing is a type of cybersecurity attack in which hackers use lists of stolen user credentials to break into a system.
The latest executive order (EO) zeroes in on a few areas of cybersecurity, but a primary focus is software supply chain security after incidents such as the SolarWinds attack.
Researchers found Peloton APIs were leaking PII. Learn how to avoid this with your APIs.
While it is technically true that Experian’s systems weren’t directly breached, private data was most certainly leaked.
Establishing and gaining adoption of secure build pipeline approaches is a multi-year endeavor for organizations.
Zero trust principles and the technologies that have emerged inevitably promote dynamic access control that is informed by application context, identity, and behaviors.
Salt Security is combining efforts with MuleSoft to bring best-of-breed API security to the market leader in API management and integration, the MuleSoft Anypoint Platform.
Our discussion focuses on steps you can take for better API security, and we also include some interesting mobile security and cloud security aspects.
Insufficient logging and monitoring, combined with missing or ineffective integration with incident response, allow attackers to perform reconnaissance, exploit or abuse APIs, compromise systems, maintain persistence, advance attacks, and move laterally across environments without being detected.
Maintaining a complete, up-to-date API inventory with accurate documentation is critical to understanding potential exposure and risk.
Injection flaws are very common in the web application space, and they carry over to web APIs.
This issue is a catch-all for a wide range of security misconfigurations that often negatively impact API security as a whole and introduce vulnerabilities inadvertently.
API security solutions must be able to identify anomalous API activity where attackers send manipulated API requests with unauthorized parameters.
API security solutions must be able to identify and prevent attackers or unauthorized users from accessing administrative level capabilities or unauthorized functionality.
API requests consume resources such as network, CPU, memory, and storage. The amount of resources required to satisfy a request greatly depends on the input from the user and the business logic of the endpoint.
Exploitation of Excessive Data Exposure is simple and is usually performed by sniffing the traffic to analyze the API responses, looking for sensitive data that should not be returned to the user.
Authentication in APIs is a complex and confusing topic. Software and security engineers might have misconceptions about what the boundaries of authentication are and how to correctly implement it.
APIs often expose endpoints that handle object identifiers, creating a wide potential attack surface. Object level authorization is an access control mechanism usually implemented at the code level to validate a user’s ability to access a given object.
In this post and subsequent additions to the series, we dig into each of the Open Web Application Security Project (OWASP) API Security Top 10 in detail.
While the shutdown of Parler remains politically charged, the event offers some valuable technical lessons worth reviewing, many of which tie directly into API security and how best to protect sensitive data.