API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
OAuth Tools site from @curityio lets you play with various #OAuth & #OpenIDConnect flows. Connect to any OAuth server and run the flows of your choice: https://t.co/QRzZVPrZmB Also see video: https://t.co/cNjw3qZhi3
Oracle #WebLogic issued a critical API security patch. Just like with a similar earlier issue, the flaw lies in XML workload deserialization. If you are an API vendor, always enforce payload schemas to avoid similar flaws. https://t.co/rFQiec7faJ via @EduardKovacs / @SecurityWeek
Wallpaper crowdsourcing functionality of @oneplus phones
had APIs with discoverable key that was leaking customer personal data: name, email, country https://t.co/6zPP69KOwk via @EvoWizz / @9to5google
API Security weekly newsletter issue 36 is out. Main stories by @balaganski / @kuppingercole, @horac341 / @IBMSecurity, @bltjetpack / @zackwhittaker / @TechCrunch, @zpring / @threatpost https://t.co/4NApqv97sa
API Security in Microservices Architectures article by
@balaganski / @kuppingercole: looks into the challenges and attack vectors of MS architectures and the technology to mitigate: proactive risk assessment, microfirewalls, @SPIFFEio, service meshes. https://t.co/VO5k1MtUde
API Security Newsletter Archive
- 20 June, 19
- 13 June, 19
- 6 June, 19
- 30 May, 19
- 23 May, 19
- 16 May, 19
- 9 May, 19
- 2 May, 19
- 25 April, 19
- 18 April, 19
From the APISecurity.io Twitter
OAuth Tools site from @curityio lets you play with various #OAuth & #OpenIDConnect flows. Connect to any OAuth server and run the flows of your choice: https://t.co/QRzZVPrZmB Also see video: https://t.co/cNjw3qZhi3
Oracle #WebLogic issued a critical API security patch. Just like with a similar earlier issue, the flaw lies in XML workload deserialization. If you are an API vendor, always enforce payload schemas to avoid similar flaws. https://t.co/rFQiec7faJ via @EduardKovacs / @SecurityWeek
Wallpaper crowdsourcing functionality of @oneplus phones
had APIs with discoverable key that was leaking customer personal data: name, email, country https://t.co/6zPP69KOwk via @EvoWizz / @9to5google
API Security weekly newsletter issue 36 is out. Main stories by @balaganski / @kuppingercole, @horac341 / @IBMSecurity, @bltjetpack / @zackwhittaker / @TechCrunch, @zpring / @threatpost https://t.co/4NApqv97sa
API Security in Microservices Architectures article by
@balaganski / @kuppingercole: looks into the challenges and attack vectors of MS architectures and the technology to mitigate: proactive risk assessment, microfirewalls, @SPIFFEio, service meshes. https://t.co/VO5k1MtUde
