Technology has advanced incredibly fast in the automotive field, and manufacturers are developing new applications quickly to capitalize on the endless possibilities. But what about security?
Relying on WAFs alone for API protection is insufficient and leaves companies vulnerable.
Gartner recently published a new Innovation Insight report for API protection. We thought it would be helpful to provide some key takeaways from the report, alongside some perspectives from our own research and conversations with customers.
Over the last several years, attackers have changed their tactics, focused on identifying and exploiting business logic gaps by manipulating and abusing APIs.
The monetary growth opportunities promised by APIs are immense, but to harness them, CISOs must ensure the protection of their APIs.
With the industry moving to microservices and API-driven applications, new security threats and attack vectors have emerged. The PCI Security Standards Council has worked to address these threats in its newest PCI DSS 4.0 standard.
It’s not enough to find and block attackers exploiting a vulnerability in your API. You will also want to remediate the security gap in your APIs.
Insights regarding two new vulns that have been uncovered in the OpenSSL library – CVE-2022-3602 and CVE-2022-3786. These vulnerabilities affect OpenSSL.
Why are we seeing such a constant stream of API-based attacks? Quite simply, APIs are lucrative for attackers.
Zombies, Shadows, and Ghosts hide in plain sight as APIs in your infrastructure, quietly extending your attack surface, patiently waiting to be called upon by some black hat.
Salt Security's Roey Eliyahu and TAG Cyber's Ed Amoroso sat down together for a joint webinar on API security and zero trust. Check out the takeaways.
As attackers have jumped on the API bandwagon, API threats have also changed, contributing further to the risks and demanding a new approach to protect APIs.
Account Takeover, or ATO, is a form of cybersecurity attack in which a cybercriminal steals usernames and passwords.
At our recent API Security Summit – the industry’s first summit dedicated entirely to API security – we had the opportunity to chat with six senior security executives about their approaches to protecting these vital assets.
Salt Security releases the latest findings of its bi-annual report on API security trends
Salt Security has compiled a list of API security best practices based on field experience and customer feedback.
If 2022 is anything like 2021, we’ll see no shortage of API-related events this coming year. In no particular order of likelihood or preference, take a look at seven predictions for API security for 2022.
We’ve spotlighted the seven biggest API security incidents in 2021 that plagued many different companies of different sizes and across verticals and highlighted what we can take away from each event.
Salt Labs researchers investigated a large B2B FinTech platform that offers financial services in the form of API-based mobile apps and SaaS to SMB and commercial brands.
Evaluating and selecting API security tooling is critical as part of API security strategy and mitigating API attacks.
Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally.
Salt Security streamlines API security with automated protection for TripActions
In episode 5 of API Security With A Pinch Of Salt, we talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting info between parties as a JSON object.
Episode number 4 of API Security With A Pinch Of Salt is here. In this episode Chris and Ran talk about what attackers are going after when they target APIs and what they can do if they find and successfully exploit a vulnerability.