API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

Want to learn more about the upcoming @owasp API Security Top 10? Next Thursday, Nov 21, @DSotnikov is giving a webinar with some real life examples of recent vulnerabilities from each one of them. Register here to claim your spot: https://t.co/JPlNCWSFx4

Researchers at @Bitdefender found a vulnerability in @Amazon @Ring cameras. During initial setup, it starts an unsecured wifi access point and communicates over HTTP, thus leaking data including your home wifi password. https://t.co/OxyG4jm6T2

#GitHub #OAuth flow hack by @not_aardvark: #Rails router controller was treating HEAD requests as GET & forwarding them to the controller. Controller expected GET and POST. It wasn't a GET, so it got handled as POST and granted access w/o user consent. https://t.co/X0YQCVMbKg

API Security weekly newsletter issue #56 is out. Main stories by @owasp, @vickieli7, @cdunlap831 / @ca_itconnection, @AppliedRisk https://t.co/tSRI07D1j2

We have created a cheatsheet / infographics for the upcoming @owasp API Security Top 10. Download it in the format that works for you. Print it and put it on the wall so you know which common API security mistakes to avoid and how. https://t.co/NMiWoK61QX
