Subscribe to the Salt blog

Privacy Policy

Learn about the Salt + CrowdStrike Falcon integration

Learn more
Posts Tagged

API Security 101

Subscribe to Salt blog

API10:2023 Unsafe Consumption of APIs

The unsafe consumption of APIs can lead to security breaches, exposing sensitive data, user credentials, or proprietary information, as attackers may exploit vulnerabilities in API usage to gain unauthorized access, execute arbitrary code, or perform unauthorized actions within the system.

Stephanie Best
Stephanie Best
June 6, 2023

API9:2023 Improper Inventory Management

Improper Inventory Management is the ninth security threat listed in the OWASP API Security Top 10. By exploiting this vulnerability, attackers can gain unauthorized access to sensitive data, or even gain full server access through old, unpatched or vulnerable versions of APIs.

Stephanie Best
Stephanie Best
June 6, 2023

API8:2023 Security Misconfiguration

There are certainly cases where security misconfiguration can be the result of something basic like a missing patch, but some misconfigurations are far stealthier and can be obscured by complex architectures.

Stephanie Best
Stephanie Best
June 6, 2023

API7:2023 Server Side Request Forgery

A Server Side Request Forgery (SSRF) API attack occurs when an attacker manipulates an API endpoint to make the targeted server perform unintended requests on behalf of the attacker.

Stephanie Best
Stephanie Best
June 6, 2023

API6:2023 Unrestricted Access to Sensitive Business Flows

This threat has replaced Mass Assignment as number 6 on the OWASP API Security Top 10 list. It occurs when an API exposes a business flow without compensating for how the functionality could cause harm if used excessively through automation.

Stephanie Best
Stephanie Best
June 6, 2023

API5:2023 Broken Function Level Authorization

Broken function level authorization (BFLA) has been identified as the fifth most critical threat to APIs in the OWASP API Security Top 10, and for good reason.

Stephanie Best
Stephanie Best
June 6, 2023

API4:2023 Unrestricted Resource Consumption

API requests consume resources such as network, CPU, memory, and storage. The amount of resources required to satisfy a request greatly depends on the input from the user and the business logic of the endpoint.

Stephanie Best
Stephanie Best
June 6, 2023

API3:2023 Broken Object Property Level Authorization

An API security solution must be able to identify and report on the large variety of sensitive data types that can be sent in API requests and responses, as well as any anomalous activity where attackers send manipulated API requests with unauthorized parameters.

Stephanie Best
Stephanie Best
June 6, 2023

API2:2023 Broken Authentication

Broken authentication is the second most critical API security threat listed in the OWASP API Security Top 10. Common examples of attacks targeting broken authentication include API enumeration and brute-forcing attacks that make high volumes of API requests with minor changes.

Stephanie Best
Stephanie Best
June 6, 2023

API1:2023 Broken Object Level Authorization (BOLA)

Failure to enforce authorization at the object level can lead to data exfiltration as well as unauthorized viewing, modification, or destruction of data.

Stephanie Best
Stephanie Best
June 6, 2023

OWASP API Security Top 10 2023 Explained

In this post and subsequent additions to the series, we dig into each of the Open Web Application Security Project (OWASP) API Security Top 10 in detail.

Stephanie Best
Stephanie Best
June 6, 2023

3 Ways AI Transforms Security

Because organizations can’t know every possible application logic flaw that exists when they put an API into production, these attacks can be extremely difficult to detect.

Roey Eliyahu
Roey Eliyahu
April 5, 2023

Latest State of API Security report: 400% increase in attackers and more!

The latest Salt Labs State of API Security report is out, and we’re excited to share with you some of the key findings.

Salt Labs
Salt Labs
March 29, 2023

Top Security Trends You Can Expect in 2023

Unfortunately, threats do not stop at API security. Today’s organizations – and the world – face inordinate security risks. What other threats and trends can we expect to see in the coming year?

Michael Nicosia
Michael Nicosia
March 28, 2023

Get Smart(er) about the business value of API security

Salt has released a new ebook, “How Protecting Your APIs Protects Your Bottom Line," exploring some of the bottom-line gains leaders can point to while considering investing in API security.

Stephanie Best
Stephanie Best
March 7, 2023

Mapping the MITRE ATT&CK Framework to API Security

In our new White Paper, we have taken a close look at the MITRE ATT&CK Enterprise Matrix – essentially a superset of all the matrices.

Nick Rago
Nick Rago
February 9, 2023

The Critical API Security Gaps in WAAPs

WAAPs are more advanced than WAFs, and play an important role in an organization’s larger API security strategy, but still don’t and can’t holistically solve the problem of API security.

Nick Rago
Nick Rago
February 1, 2023

4 Things to Know about Your Car and API Security

Technology has advanced incredibly fast in the automotive field, and manufacturers are developing new applications quickly to capitalize on the endless possibilities. But what about security?

Adam Fisher
Adam Fisher
January 18, 2023

External, Internal, Third-Party ... ALL Your APIs Need Security

Third-party APIs contribute to a sprawling API attack surface and can be a security risk if they are not properly inventoried, governed, tested, monitored, or maintained.

Nick Rago
Nick Rago
January 5, 2023

How Open Banking Changes The Attack Surface

To adopt open banking fully, consumers must trust the safety and security of their data, and to woo customers, banks must apply new security measures in this new digital banking world.

Roey Eliyahu
Roey Eliyahu
December 13, 2022

2023: Why API Security, Why Now?

Dr. Anton Chuvakin, security advisor at Office of the CISO, Google Cloud, joined our recent API Security Summit. Dr. Chuvakin’s session – co-hosted by Salt Security's Michelle McLean – provided an in-depth discussion on why API security has become a “now” problem.

Jennifer Dignum
Jennifer Dignum
December 2, 2022

Why CISOs Are Making API Security A Top Priority

The monetary growth opportunities promised by APIs are immense, but to harness them, CISOs must ensure the protection of their APIs.

Roey Eliyahu
Roey Eliyahu
November 29, 2022

What is PCI DSS 4.0 and why is API security such a critical component?

With the industry moving to microservices and API-driven applications, new security threats and attack vectors have emerged. The PCI Security Standards Council has worked to address these threats in its newest PCI DSS 4.0 standard.

Hadar Freehling
Hadar Freehling
November 22, 2022

Leveraging Google Cloud Packet Traffic Mirroring with Salt to Detect API Security Threats

It’s not enough to find and block attackers exploiting a vulnerability in your API. You will also want to remediate the security gap in your APIs.

Stephanie Best
Stephanie Best
November 4, 2022

What are API Attacks, Why They’re Different, and How to Stop Them

Why are we seeing such a constant stream of API-based attacks? Quite simply, APIs are lucrative for attackers.

Stephanie Best
Stephanie Best
October 31, 2022

Are You Haunted by Zombie, Shadow and Ghost APIs?

Zombies, Shadows, and Ghosts hide in plain sight as APIs in your infrastructure, quietly extending your attack surface, patiently waiting to be called upon by some black hat.

Nick Rago
Nick Rago
October 28, 2022

API Gateway Security: What is it and is it Enough?

Learn what an API Gateway is and get a better understanding of how the various API tools can layer together to detect and prevent the most frequent API attacks.

Stephanie Best
Stephanie Best
October 27, 2022

Top 6 API Security Questions Answered

Get all your API security questions answered and learn what’s needed to effectively protect your organization’s APIs across the entire API lifecycle.

Sara Tierno
Sara Tierno
October 18, 2022

3 Top Takeaways on API Security and Zero Trust

Salt Security's Roey Eliyahu and TAG Cyber's Ed Amoroso sat down together for a joint webinar on API security and zero trust. Check out the takeaways.

Jennifer Dignum
Jennifer Dignum
September 23, 2022

How to Protect APIs

As attackers have jumped on the API bandwagon, API threats have also changed, contributing further to the risks and demanding a new approach to protect APIs.

Nick Rago
Nick Rago
August 25, 2022

3 Industries at High Risk for API Security Breaches

The booming API ecosystem leaves some industries are more at risk than others. Financial services organizations, insurance companies and retail brands rise to the top.

Sara Tierno
Sara Tierno
July 14, 2022

Berkshire Bank Banks on Salt for API Protection

It’s cool to win banks as customers – it’s even more cool when they go public with the news!

Michelle McLean
Michelle McLean
June 1, 2022

4 Reasons Why Financial Services Companies Need Better API Security Now

In today’s digitalized financial services landscape, find out what's propelling an urgent need for better API security.

Jennifer Dignum
Jennifer Dignum
May 12, 2022

Salt Security: the API Force is Strong with this One

Only Salt Security, the industry’s only patented API security solution, can fully protect against the next generation of API attacks.

Ran Barth
Ran Barth
May 4, 2022

What is Account Takeover and 5 Best Practices to Prevent ATO

Account Takeover, or ATO, is a form of cybersecurity attack in which a cybercriminal steals usernames and passwords.

Yaniv Balmas
Yaniv Balmas
April 19, 2022

What is API Security? Your complete guide

Your complete guide to API Security, covering the OWASP API Security Top 10, the most common types of API attacks, best practices to reduce risk and how to deploy in production.

Michelle McLean
Michelle McLean
April 14, 2022

The Top 5 Myths in API Security

Salt Security describes and analyzes the top misconceptions that we’ve found people often have about their API security

Jennifer Dignum
Jennifer Dignum
April 12, 2022

How Thinking Like an Attacker can Improve your API Security

Sharing runtime insights to harden APIs brings a lot of value into the process. Listen to the API Security Summit on-demand.

Jennifer Dignum
Jennifer Dignum
March 23, 2022

4 Essential Steps to Implement Your Organization’s API Security

The Salt Security team recently achieved another milestone with the launch of the industry’s first API Security Summit.

Jennifer Dignum
Jennifer Dignum
March 17, 2022

4 Ways Today’s CISOs Must Address API Security

At our recent API Security Summit – the industry’s first summit dedicated entirely to API security – we had the opportunity to chat with six senior security executives about their approaches to protecting these vital assets.

Jennifer Dignum
Jennifer Dignum
March 10, 2022

Companies are Struggling Against a 681% Increase in API Attacks, the Latest “State of API Security” Report Shows

Salt Security releases the latest findings of its bi-annual report on API security trends

Salt Labs
Salt Labs
March 2, 2022

Wrestling with the Problem of API Sprawl

Dedicated API security tooling, and specifically platforms that provide full life cycle security capabilities, help organizations that are facing the problem of API sprawl.

Michael Isbitski
Michael Isbitski
February 17, 2022

Announcing the Salt API Security Maturity Model

The Salt API Security Maturity Model was created with simplicity in mind rather than the complexity that comes with hundreds of activities and measures.

Michael Isbitski
Michael Isbitski
January 28, 2022

API Security Best Practices

Salt Security has compiled a list of API security best practices based on field experience and customer feedback.

Jennifer Dignum
Jennifer Dignum
January 20, 2022

API Security Hits Gartner® Radar for “Predicts 2022”

Gartner just released a new report on API Security, Predicts 2022: APIs Demand Improved Security and Management.

Michelle McLean
Michelle McLean
January 18, 2022

Seven API Security Predictions for 2022

If 2022 is anything like 2021, we’ll see no shortage of API-related events this coming year. In no particular order of likelihood or preference, take a look at seven predictions for API security for 2022.

Michael Isbitski
Michael Isbitski
December 22, 2021

Recap: The 7 Biggest API Security Incidents in 2021

We’ve spotlighted the seven biggest API security incidents in 2021 that plagued many different companies of different sizes and across verticals and highlighted what we can take away from each event.

Michael Isbitski
Michael Isbitski
December 21, 2021

API Security for Dummies – and Smart People Too!

As part of our continuing mission here at Salt to educate the broader industry, our technical evangelist, Michael Isbitski, provides a comprehensive overview of the challenges and best practices in API security.

Michelle McLean
Michelle McLean
October 29, 2021

API Security Best Practices Checklist

This API Security Checklist will help you close the gaps in your API security strategy based on industry best practices.

Michael Isbitski
Michael Isbitski
September 20, 2021

Securing APIs With Salt Security Using Agentless Amazon VPC Traffic Mirroring

Our fully automated process makes it quick and easy to set up VPC Traffic Mirroring and enable advanced protection for all your AWS-based APIs.

Elad Koren
Elad Koren
September 9, 2021

REST API Security Best Practices

Follow these REST API security best practices to ensure the design of your REST APIs takes into account security, performance, and ease of use.

Michael Isbitski
Michael Isbitski
August 18, 2021

API Attacks up 348% in Six Months, per Latest “State of API Security” Report

The data makes it clear: more companies are suffering more API attacks than ever, and companies remain as ill-prepared as ever.

Salt Labs
Salt Labs
July 28, 2021

Insights into Gartner’s Tips for Protecting APIs

Recently Gartner analysts Mark O'Neill and Dionisio Zumerle teamed up on a webinar titled API Security: Protect your APIs from Attacks and Data Breaches. Read on for highlights, insights and perspective on the session covering API security.

Chris Westphal
Chris Westphal
July 26, 2021

Open Banking - Security Implications of the Global Trend

APIs are at the core of open banking, enabling financial institutions to standardize how they create and connect to an ecosystem of providers to exchange financial data. To a large degree, open banking has ushered in a democratization of banking across the globe and this has all been possible thanks to APIs.‍

Chris Westphal
Chris Westphal
June 30, 2021

5 Takeaways from Gartner Report: API Insights for Software Engineering Leaders

With the proliferation of APIs in all modern applications, understanding the ins and outs of APIs is more critical than ever.

Chris Westphal
Chris Westphal
June 18, 2021

Building API Context with a New Tech Talk Video Series

Today we’re kicking off a new tech talk video series called Building Context, where we’ll be covering a range of topics around APIs and API security.

Chris Westphal
Chris Westphal
April 23, 2021

MythBusters API Edition: Zero Trust and its limitations for API Security

Zero trust principles and the technologies that have emerged inevitably promote dynamic access control that is informed by application context, identity, and behaviors.

Michael Isbitski
Michael Isbitski
April 20, 2021

3 Reasons You Might Be Failing at API Security

As APIs have increased in prominence and as a target for attacks, organizations have become more aware of the need for proper security, but as with adopting any new technology, misconceptions persist about how to get it right.

Chris Westphal
Chris Westphal
April 15, 2021

Stopping API Attacks: Columbo, Correlation, and Context

Columbo was a master of context. The lieutenant was famous for his catchphrase “Just one more thing,” heard countless times by suspects as he chipped away at a case, gathering small, obscure pieces of the puzzle and putting them together to form the bigger picture and ultimately solve the case.

Chris Westphal
Chris Westphal
March 8, 2021

Lessons from the FinTech Trenches Securing APIs at Finastra

On a recent webinar with Security Boulevard, we were fortunate to host Nir Valtman, Finastra head of product and data security, to share insights into his API security journey. You can view the entire session on the Salt YouTube channel, and here are some of the highlights from the discussion.

Chris Westphal
Chris Westphal
February 19, 2021

Top Findings from Industry’s First State of API Security Report

Learn what pain points we uncovered as we set out to understand the state of API security – a critical window into broader enterprise security trends given that APIs underlie every revenue-generating application today.

Michelle McLean
Michelle McLean
February 3, 2021

Three API Security Challenges Every Security Professional Should Be Prepared For

Changes to APIs create new challenges for security teams. See what should be top of mind for any security professional tasked with protecting APIs.

Chris Westphal
Chris Westphal
December 23, 2020

APIs Have Changed – and They’re Changing the Security Landscape

The reality is, APIs today are very different from the web APIs of the early 2000s, and these changes impact the way we need to think about the API security landscape.

Chris Westphal
Chris Westphal
December 18, 2020

Securing APIs – It’s Different Than Securing Apps

I recently tuned into a CISO panel discussion and one of the panelists said something that struck me – “Application security today is less about the applications and more about the APIs.”

Chris Westphal
Chris Westphal
November 24, 2020

Is OAS Enough For API Security?

The OpenAPI Specification (OAS) is a way to describe and create API documentation. Learn some of the ways dev and security teams use the OAS and why it falls short when it comes to securing your APIs.

Chris Westphal
Chris Westphal
November 19, 2020

ITProTV Technado Podcast With Roey Eliyahu

Salt Security co-founder and CEO Roey Eliyahu joined the Technado Podcast this week to discuss arguably one of the most vulnerable things security teams often overlook: APIs.

Chris Westphal
Chris Westphal
October 30, 2020

What Are JWTs And Are They Vulnerable To Attacks?

In episode 5 of API Security With A Pinch Of Salt, we talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting info between parties as a JSON object.

Chris Westphal
Chris Westphal
August 28, 2020

What Can Attackers Do With API Vulnerabilities?

Episode number 4 of API Security With A Pinch Of Salt is here. In this episode Chris and Ran talk about what attackers are going after when they target APIs and what they can do if they find and successfully exploit a vulnerability.

Chris Westphal
Chris Westphal
August 4, 2020

WAFs, What Are They Good For?

Get ready for episode number 3 of our video series called API Security With A Pinch Of Salt. In this episode, Adam and Chris answer the question - WAFs, what are they good for?

Chris Westphal
Chris Westphal
July 16, 2020

The Importance Of API Documentation

It’s time for episode number 2 of our video series called API Security With A Pinch Of Salt. In this episode, Adam, Chris and Ran dig into the topic of the importance of API documentation.

Chris Westphal
Chris Westphal
June 25, 2020

Securing API Gateways - Pros and Cons

Today we kick off a video series called API Security With A Pinch Of Salt where we dig deep into API security. In this first episode, Adam, Chris and Ran tackle the topic of using API Gateways for Security.

Chris Westphal
Chris Westphal
May 6, 2020

Protecting Digital Platforms – What I’m Hearing From CISOs

In light of accelerated transformation, digital platforms are now a more critical part of our lives and I’m thankful for the companies that continue to provide these services. Had we seen a similar situation 15 or 20 years back, how would we have managed?

Roey Eliyahu
Roey Eliyahu
April 7, 2020

Salt Security API Protection Explained

Are you wondering what Salt Security does, what challenges we solve for, and how we do it? Check out this explainer video that answer all of those questions in just over one minute.

Chris Westphal
Chris Westphal
February 11, 2020

What Is The OWASP API Security Top 10

The Open Web Application Security Project has been around since 2001 and is best known for the OWASP Web Application Security Top 10 which has set the standard for how orgs have approached security to protect traditional web applications.

Chris Westphal
Chris Westphal
October 8, 2019

How Martial Arts Can Help You Eliminate API Vulnerabilities

In college, a good friend of mine got deeply involved in the martial art Aikido and instead of directly attacking, the defender would wait for a move from their opponent, like a lunge, and harness that momentum to take control.

Chris Westphal
Chris Westphal
August 21, 2019

How to Control Top API Security Risks

Whether you realize it or not APIs are everywhere around us and they exchange sensitive data constantly, making them a rich target for attackers, which explains why we’ve seen a significant increase in attacks targeting APIs in recent years.

Chris Westphal
Chris Westphal
April 4, 2019

How Modern Web Applications Changed the Way Enterprises Should Handle Security

The non-stop news of security breaches in recent years underscores a growing realization that organizations need to fundamentally rethink the way they protect their applications and data.

Roey Eliyahu
Roey Eliyahu
March 21, 2019

API Protection – What You Need To Know In The New API Economy

Technology is constantly evolving. We’ve seen this in recent years in the way applications are developed (e.g. CI/CD), delivered (e.g. microservices and cloud), and consumed (e.g. more SaaS and mobile devices).

Salt
Salt
November 14, 2018

Tags

API Attack Analysis
API Attack Methodology
API Attack Prevention
API Security 101
API Security Strategy
API Vulnerability Analysis
Awards
CISO
Company Updates
Compliance
Customers
Events
Financial Services
Insurance
OWASP API Top 10
Product Updates
Research
Salt Labs
Technology Partners
Video
Webinar
eBook
Clear filters

Posts by

Adam Fisher
Ahuvy Mrad
Aviad Carmel
Brett Robinson
Chris Westphal
Elad Koren
Eran Atias
Gilad Barzilay
Gilad Gruber
Hadar Freehling
Jennifer Dignum
Jon Peppler
Mandy Kelley
Michael Isbitski
Michael Nicosia
Michael Porat
Michelle McLean
Nick Rago
Ori Bach
Ran Barth
Renee Hollinger
Roey Eliyahu
Salt
Salt Labs
Salt Technical Engineering
Sara Tierno
Shiran Yodev
Stephanie Best
Sunil Dutt
Technical Engineering
Yaniv Balmas