Salt Security Blog
Welcome to our blog about all things in and around the world of APIs and API Protection.
I’m going to start off this post by pointing out the obvious just to get it out of the way: our way of life has changed permanently.
With much of the outside world off-limits at the moment, we’ve become dependent upon the online world more than ever.
Whether you’re already a Salt Security customer or considering Salt Security to help you protect your critical applications and services from API attacks, we want you to know, we are committed to API security and have comprehensive plans in place to ensure the Salt Security API Protection Platform remains up and running to support our customers.
Bank robber Willie Sutton (1901-1980) did reasonably well making off with an estimated $2 million in illegal earnings throughout his career. He was a rash and resourceful robber who used disguises and trickery to achieve his ends. This included dressing as a policeman, window washer, maintenance man, bank guard, mover, Western Union messenger, and striped-pants diplomat.
The Open Web Application Security Project has been around since 2001 and is best known for the OWASP Web Application Security Top 10 which has set the standard for how organizations have approached security to protect traditional web applications. The OWASP Top 10 projects are community driven and experts from across the community come together to put out an updated version of this flagship Top 10 list every 3 years with the current version released in 2017.
In college a good friend of mine got deeply involved in the martial art Aikido. Unlike other martial arts I was familiar with one of the things that stuck out for me was the concept of using an attacker’s momentum against them. Instead of directly attacking, the defender would wait for a move from their opponent, like a lunge, and harness that momentum to take control.
At Salt Security one of our philosophies is to provide solutions that help simplify processes, and save time, rather than introduce additional complexities. This is especially important when it comes to security.
OWASP Global AppSec 2019 happened recently in Tel Aviv and I was lucky enough to attend, present a few sessions, meet some new people and have lots of great conversations so I thought it would be good to do a writeup to share my thoughts about the event. First, let’s talk about why I attended.
From a previous post we know that today’s applications are different compared to what they were just a few years back and APIs are increasingly being used to power customer applications, connect with partners and drive microservices environments. Whether you realize it or not APIs are everywhere around us and they exchange sensitive data constantly, making them a rich target for attackers, which explains why we’ve seen a significant increase in attacks targeting APIs in recent years.