Subscribe to the Salt blog

Privacy Policy

Learn about the Salt + CrowdStrike Falcon integration

Learn more
Posts  by
Stephanie Best
Director, Product Marketing
Subscribe to Salt blog

Understanding API Attacks: Why Are They Different and How Can You Stop Them

Salt has just released a new resource for business and security leaders – “Understanding API Attacks: Why Are They Different and How Can You Stop Them.”

Stephanie Best
July 20, 2023

State of API Security: Financial Services and Insurance

Salt Security releases its first industry-specific report on API security: the 2023 “State of API Security for Financial Services and Insurance.”

Stephanie Best
July 19, 2023

Australian Energy Leader Picks Salt for API Security!

Jemena, a leading energy company in Australia, has selected the Salt Security API Protection Platform to protect its critical gas and electricity infrastructure.

Stephanie Best
July 12, 2023

API10:2023 Unsafe Consumption of APIs

The unsafe consumption of APIs can lead to security breaches, exposing sensitive data, user credentials, or proprietary information, as attackers may exploit vulnerabilities in API usage to gain unauthorized access, execute arbitrary code, or perform unauthorized actions within the system.

Stephanie Best
June 6, 2023

API9:2023 Improper Inventory Management

Improper Inventory Management is the ninth security threat listed in the OWASP API Security Top 10. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive data, or even gain full server access through old, unpatched or vulnerable versions of APIs.

Stephanie Best
June 6, 2023

API8:2023 Security Misconfiguration

There are certainly cases where security misconfiguration can be the result of something basic like a missing patch, but some misconfigurations are far stealthier and can be obscured by complex architectures.

Stephanie Best
June 6, 2023

API7:2023 Server Side Request Forgery

A Server Side Request Forgery (SSRF) API attack occurs when an attacker manipulates an API endpoint to make the targeted server perform unintended requests on behalf of the attacker.

Stephanie Best
June 6, 2023

API6:2023 Unrestricted Access to Sensitive Business Flows

This threat has replaced Mass Assignment as number 6 on the OWASP API Security Top 10 list. It occurs when an API exposes a business flow without compensating for how the functionality could cause harm if used excessively through automation.

Stephanie Best
June 6, 2023

API5:2023 Broken Function Level Authorization

Broken function level authorization (BFLA) has been identified as the fifth most critical threat to APIs in the OWASP API Security Top 10, and for good reason.

Stephanie Best
June 6, 2023

API4:2023 Unrestricted Resource Consumption

API requests consume resources such as network, CPU, memory, and storage. The amount of resources required to satisfy a request greatly depends on the input from the user and the business logic of the endpoint.

Stephanie Best
June 6, 2023

API3:2023 Broken Object Property Level Authorization

An API security solution must be able to identify and report on the large variety of sensitive data types that can be sent in API requests and responses, as well as any anomalous activity where attackers send manipulated API requests with unauthorized parameters.

Stephanie Best
June 6, 2023

API2:2023 Broken Authentication

Broken authentication is the second most critical API security threat listed in the OWASP API Security Top 10. Common examples of attacks targeting broken authentication include API enumeration and brute-forcing attacks that make high volumes of API requests with minor changes.

Stephanie Best
June 6, 2023

API1:2023 Broken Object Level Authorization (BOLA)

Failure to enforce authorization at the object level can lead to data exfiltration as well as unauthorized viewing, modification, or destruction of data.

Stephanie Best
June 6, 2023

OWASP API Security Top 10 2023 Explained

In this post and subsequent additions to the series, we dig into each of the Open Web Application Security Project (OWASP) API Security Top 10 in detail.

Stephanie Best
June 6, 2023

Better Together: Stopping API Attacks with Salt and AWS WAF

By becoming an AWS WAF Ready Partner, Salt can now help AWS WAF customers worldwide to accelerate the adoption of a holistic API security approach.

Stephanie Best
June 6, 2023

Salt Unveils Enhancements to AI Algorithms for API Security

Salt has extended its powerful AI algorithms capabilities, further strengthening the threat detection and API discovery abilities of the Salt Security API Protection Platform.

Stephanie Best
April 19, 2023

Get Smart(er) about the business value of API security

Salt has released a new ebook, “How Protecting Your APIs Protects Your Bottom Line," exploring some of the bottom-line gains leaders can point to while considering investing in API security.

Stephanie Best
March 7, 2023

Seven Takeaways from Gartner® 2022 Innovation Insight for API Protection

Gartner recently published a new Innovation Insight report for API protection. We thought it would be helpful to provide some key takeaways from the report, alongside some perspectives from our own research and conversations with customers.

Stephanie Best
January 10, 2023

Leveraging Google Cloud Packet Traffic Mirroring with Salt to Detect API Security Threats

It’s not enough to find and block attackers exploiting a vulnerability in your API. You will also want to remediate the security gap in your APIs.

Stephanie Best
November 4, 2022

What are API Attacks, Why They’re Different, and How to Stop Them

Why are we seeing such a constant stream of API-based attacks? Quite simply, APIs are lucrative for attackers.

Stephanie Best
October 31, 2022

API Gateway Security: What is it and is it Enough?

Learn what an API Gateway is and get a better understanding of how the various API tools can layer together to detect and prevent the most frequent API attacks.

Stephanie Best
October 27, 2022

Tags

API Attack Analysis
API Attack Methodology
API Attack Prevention
API Security 101
API Security Strategy
API Vulnerability Analysis
Awards
CISO
Company Updates
Compliance
Customers
Events
Financial Services
Insurance
OWASP API Top 10
Product Updates
Research
Salt Labs
Technology Partners
Video
Webinar
eBook

More Posts Authors

Clear filters