The API Security Blog | Salt Security

Featured Blogs

What is API Security? Your complete guide

What are API Attacks, Why They’re Different, and How to Stop Them

Traveling with OAuth - Account Takeover on Booking.com

OWASP API Security Top 10 2023 Explained

The State of the CISO 2023: Navigating Security Challenges Resulting from Today’s Digital-first Economy

Latest State of API Security report: 400% increase in attackers and more!

API6:2023 Unrestricted Access to Sensitive Business Flows

This threat has replaced Mass Assignment as number 6 on the OWASP API Security Top 10 list. It occurs when an API exposes a business flow without compensating for how the functionality could cause harm if used excessively through automation.

Stephanie Best

June 6, 2023

API5:2023 Broken Function Level Authorization

Broken function level authorization (BFLA) has been identified as the fifth most critical threat to APIs in the OWASP API Security Top 10, and for good reason.

Stephanie Best

June 6, 2023

API4:2023 Unrestricted Resource Consumption

API requests consume resources such as network, CPU, memory, and storage. The amount of resources required to satisfy a request greatly depends on the input from the user and the business logic of the endpoint.

Stephanie Best

June 6, 2023

API3:2023 Broken Object Property Level Authorization

An API security solution must be able to identify and report on the large variety of sensitive data types that can be sent in API requests and responses, as well as any anomalous activity where attackers send manipulated API requests with unauthorized parameters.

Stephanie Best

June 6, 2023

API2:2023 Broken Authentication

Broken authentication is the second most critical API security threat listed in the OWASP API Security Top 10. Common examples of attacks targeting broken authentication include API enumeration and brute-forcing attacks that make high volumes of API requests with minor changes.

Stephanie Best

June 6, 2023

API1:2023 Broken Object Level Authorization (BOLA)

Failure to enforce authorization at the object level can lead to data exfiltration as well as unauthorized viewing, modification, or destruction of data.

Stephanie Best

June 6, 2023

OWASP API Security Top 10 2023 Explained

In this post and subsequent additions to the series, we dig into each of the Open Web Application Security Project (OWASP) API Security Top 10 in detail.

Stephanie Best

June 6, 2023

Better Together: Stopping API Attacks with Salt and AWS WAF

By becoming an AWS WAF Ready Partner, Salt can now help AWS WAF customers worldwide to accelerate the adoption of a holistic API security approach.

Stephanie Best

June 6, 2023

Security Competency and More – Deepening our Ties with AWS

At Salt, we've deepened our ties to AWS in two compelling ways, by achieving AWS WAF Ready Status and earning AWS Security Competency.

Gilad Barzilay

May 31, 2023

Salt Wins UK Trophy for Best Cybersecurity Solution!

Salt Security has been named Cybersecurity Solution of the Year in the Prestigious National Technology Awards – our first award in the UK and a brilliant recognition!

Brett Robinson

May 26, 2023

Salt Labs exposes a new vulnerability in popular OAuth framework, used in hundreds of online services

This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.

Aviad Carmel

May 24, 2023

More Kudos for Salt Leadership in Delivering API Security to Financial Services Firms!

Salt Security has been included in the CyberTech 100 list, which highlights the top companies in cybersecurity for financial services organizations.

Michelle McLean

May 11, 2023

Salt Makes Inc. 2023 Best Workplaces List!

Salt Security has been recognized for its strong corporate culture, robust benefits, and employee growth opportunities in the Inc. Magazine Best Workplaces List for 2023.

Renee Hollinger

May 9, 2023

Salt Security Wins Stevie® Award for Most Innovative Tech Company of the Year

Interest in API security is running at an all-time high, as more organizations recognize what Salt saw years ago, that APIs entirely upend the security playing field!

Michelle McLean

April 27, 2023

A Big Week at RSA – Hot Company in API Security, API Defenders on the Show Floor

Salt has been named a winner in the RSA Global InfoSec Awards for three consecutive years - now Hot Company in API Security!

Michelle McLean

April 24, 2023

Salt Unveils Enhancements to AI Algorithms for API Security

Salt has extended its powerful AI algorithms capabilities, further strengthening the threat detection and API discovery abilities of the Salt Security API Protection Platform.

Stephanie Best

April 19, 2023

Salt Heralded as a Forbes’ Best Startup Employer 2023!

Salt Security has been named in Forbes’ America’s Best Startup Employers 2023 list – the second consecutive year we’ve won!

Renee Hollinger

April 12, 2023

3 Ways AI Transforms Security

Because organizations can’t know every possible application logic flaw that exists when they put an API into production, these attacks can be extremely difficult to detect.

Roey Eliyahu

April 5, 2023

Subscribe to the Salt blog

Learn about the Salt + CrowdStrike Falcon integration

Salt Security blog

Welcome to our blog about all things in and around the world of APIs and API security.

Featured Blogs

API6:2023 Unrestricted Access to Sensitive Business Flows

API5:2023 Broken Function Level Authorization

API4:2023 Unrestricted Resource Consumption