API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

The API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.

From the APISecurity.io Twitter

RT @DSotnikov: Latest AST quadrant by @Gartner_inc mentions 77% increase of end-user client inquiries about API Security in 2018 compared to 2017, followed by 55% increase for container security, and 34% on DevSecOps. https://t.co/kESqYToB4N

"How to Improve the Security of Your APIs from the Get-Go" by @DSotnikov via @thenewstack: why API security is on the rise, how WAFs are not cutting it anymore, and what "shift left" looks like in the API security context: https://t.co/XkmP6OmVSb

IDOR API vulnerability in Shopify Exchange App (now fixed by @Shopify) affected about 8,700 stores and exposed all their revenue & traffic data. See a very detailed write-up by the researcher @_ayoubfathi_: including his scripts, DNS reverse lookups, etc. https://t.co/9Ypcp1RHol

India's #1 local search service #JustDial had an unprotected API leaking personal data of all 100 mln+ users. Seems that when the company redesigned apps, the old API was left up, unprotected, with DB access. https://t.co/pRq0Y6b5Zr Via @TheHackersNews. Vuln found by @rajaharia

API Security Weekly newsletter issue 27 is out! Main stories by @TheKenMunroShow / @PenTestPartners, @orysegal, @daronin, @jmaxxz / @SEInews https://t.co/wYUW74RdbU
