It’s time for episode number 2 of our video series called API Security With A Pinch Of Salt. In this episode, Adam, Chris and Ran dig into the topic of the importance of API documentation.
Today we kick off a video series called API Security With A Pinch Of Salt where we dig deep into API security. In this first episode, Adam, Chris and Ran tackle the topic of using API Gateways for Security.
I’m going to start off this post by pointing out the obvious just to get it out of the way: our way of life has changed permanently. With much of the outside world off-limits at the moment, we’ve become dependent upon the online world more than ever.
Bank robber Willie Sutton (1901-1980) did reasonably well making off with an estimated $2 million in illegal earnings throughout his career. He was a rash and resourceful robber who used disguises and trickery to achieve his ends. This included dressing as a policeman, window washer, maintenance man, bank guard, mover, Western Union messenger, and striped-pants diplomat.
Are you wondering what Salt Security does, what challenges we solve for, and how we do it? Check out this explainer video that answer all of those questions in just over one minute.
The Open Web Application Security Project has been around since 2001 and is best known for the OWASP Web Application Security Top 10 which has set the standard for how organizations have approached security to protect traditional web applications. The OWASP Top 10 projects are community driven and experts from across the community come together to put out an updated version of this flagship Top 10 list every 3 years with the current version released in 2017.
In college a good friend of mine got deeply involved in the martial art Aikido. Unlike other martial arts I was familiar with one of the things that stuck out for me was the concept of using an attacker’s momentum against them. Instead of directly attacking, the defender would wait for a move from their opponent, like a lunge, and harness that momentum to take control.
If you didn’t make it to OWASP Global AppSec Tel Aviv last month I wanted to share that the team recently published videos from the event...
OWASP Global AppSec 2019 happened recently in Tel Aviv and I was lucky enough to attend, present a few sessions, meet some new people and have lots of great conversations so I thought it would be good to do a writeup to share my thoughts about the event. First, let’s talk about why I attended.
From a previous post we know that today’s applications are different compared to what they were just a few years back and APIs are increasingly being used to power customer applications, connect with partners and drive microservices environments. Whether you realize it or not APIs are everywhere around us and they exchange sensitive data constantly, making them a rich target for attackers, which explains why we’ve seen a significant increase in attacks targeting APIs in recent years.