Fostering an Internal Culture of Security
API security is a common subject, and for a good reason — as the average user becomes more adept at utilizing more powerful systems than ever before to complete incredible tasks, the old methods of...
eBook Released: Securing the API Stronghold
We’re very pleased to announce the release of our new eBook Securing the API Stronghold: The Ultimate Guide to API Security. Visit our eBooks page today to grab a FREE copy. Or, download to your Kindle...
World War API: Cyberattacks on the International Scale
The world is changing. What was once fought on battlefields with physical weapons is quickly transitioning online, with groups of individuals and even entire nations utilizing the internet to disrupt...
World War API: Understanding the Enemy
The virtual world stage is ever evolving, and unfortunately, the physical conflicts of yesterday are quickly becoming the digital conflicts of today. States, groups, and individuals are poised to wage...
Walkthrough of APIware’s Sapience API Security Validation Tool
These days, APIs need to be strong. They need to be versatile to change, and must triumph in the face of malicious schemes hackers use to disrupt core systems. But how does a provider consistently...
How Pokémon Go Fans Hacked ‘Em All: And How to Prevent Similar...
Every developer hopes for huge user bases populated by large amounts of monthly users. People using an application to its potential in the thousands, if not hundreds of thousands, is a dream come true....
5 Ways To Hack An API (And How To Defend)
API hacking is, unfortunately, part of the modern API landscape. Whenever you have resources exposed to the greater internet, those resources are going to be attacked in some way. Thankfully, half of...
8 APIs For Two-Factor Authentication
Every year we see more and more high-profile data breaches. In 2019, companies reported over 3,800 data breaches, and 4.1 billion records were accessed. These included records from major financial...
5 Ways APIs Can Improve Your Security
In an increasingly connected digital sphere, the API economy is no longer just a management challenge. Rather, the API economy has become a crucial part of cybersecurity efforts. APIs can provide...
What is OpenID Connect?
In a world increasingly connected by APIs, the role of identity has never been more important. There are different ways that API providers can grant access to data for applications on behalf of users,...
OpenID Connect: Overview of Financial-grade API (FAPI) Profile
Open banking continues to be a subject of keen interest in financial services, reaching “buzz word” status over the last few years. We’ve covered the growth of the ecosystem on the blog several times...
When Zero Is Better Than One: Zero-Trust Architecture
The traditional approach to security has focused on establishing the perimeter system. The protective measures were aimed at preventing unauthorized users from gaining access to the corporate network....
How to Mitigate Risk Through API Security Testing
Companies have increased their reliance on APIs to boost their business models because they offer more integration, efficiency, and personalization. However, as organizations rapidly rise to adopt...
Bad Bots and the Dark Side of APIs
At the back end of 2021, the Stopping Grinch Bots Act bill was proposed in the US. The bill aims to target so-called “bad bot” traffic which, according to cybersecurity firm Imperva, accounted for 25%...
What Is OAuth 2.0 and What Is It Good For?
API authorization and authentication are not as straightforward as they once were. In fact, they aren’t even the same thing despite sounding virtually identical. We’ve been mentioning OAuth quite a bit...
Securing the Kubernetes API Server: Critical Best Practices
Kubernetes is becoming an essential infrastructure for IT operations and DevOps teams. It’s used to run all types of workloads, spanning everything from development and testing environments to...
How Should APIs Adopt a ‘Least Privilege’ Security Model?
The Principle of Least Privilege (POLP) has been around for some time — the term appears in the Department of Defense’s Computer System Evaluation Criteria, published in 1985. And Michael Gegick and...
Who Is Responsible for Protecting APIs?
With the meteoric rise in API attacks, someone needs to be responsible for securing APIs. One trouble is that “responsible” maintains nuances in meaning. When someone says, “You’re responsible for...
Best Practices for Improving Your API Security Posture
In the art of writing, time gets condensed. For example, a play may take a couple of hours to act out but a quarter of the time to read. This visualization technique occurs all the time in writing,...
5 Reasons You Need API Runtime Security
A robust API security strategy starts with development but needs a dedicated focus on API runtime security to fully defend this ever-growing and changing attack surface. Shift left has become...