API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
JustDial (India's local search, delivery, reservation app) accidentally re-introduced the vulnerable API surfacing PII of 100 million+ customers. We covered this flaw back in 2019 in our issue #28. Back then and just now it got reported by @rajaharia. https://apisecurity.io/issue-28-breaches-tchap-shopify-justdial/
"The State of OAuth" @apidaysglobal recorded session by @aaronpk:
https://www.youtube.com/watch?v=W5ajhfWmvHE
Origins & goals of OAuth, OAuth 2.0 and 2.1, RFCs, adjacent technologies, tokens & their security, upcoming standards and extensions, Grant Negotiation and Authorization Protocol (GNAP)
This collection of Go scripts from @daffainfo let you check validity of various API tokens (from 37 different systems!) that you may find in your #pentesting efforts: https://github.com/daffainfo/Key-Checker
From @bsidesvancouver, a recording of @dftrace explaining the attack surface of #GraphQL, the measures that API providers need to take, his DVGA GraphQL vulnerability sandbox, and bringing down a Wordpress server with a simple GraphQL request! ;)
https://www.youtube.com/watch?v=EVRf708-zq4
API Security weekly newsletter issue #143 is out. Main stories by @harshbothra_, @CraigHays / @InfoSecComm, @adamtlangley / @Hacker0x01, @_shivambathla / @SecurityTube
https://apisecurity.io/issue-143-graphql-api-leaking-credit-cards-sqli-jwt-xml-attacks-mind-map/
API Security Newsletter Archive
- 29 July, 21
- 21 July, 21
- 15 July, 21
- 8 July, 21
- 1 July, 21
- 24 June, 21
- 17 June, 21
- 10 June, 21
- 3 June, 21
- 27 May, 21
From the APISecurity.io Twitter
JustDial (India's local search, delivery, reservation app) accidentally re-introduced the vulnerable API surfacing PII of 100 million+ customers. We covered this flaw back in 2019 in our issue #28. Back then and just now it got reported by @rajaharia. https://apisecurity.io/issue-28-breaches-tchap-shopify-justdial/
"The State of OAuth" @apidaysglobal recorded session by @aaronpk:
https://www.youtube.com/watch?v=W5ajhfWmvHE
Origins & goals of OAuth, OAuth 2.0 and 2.1, RFCs, adjacent technologies, tokens & their security, upcoming standards and extensions, Grant Negotiation and Authorization Protocol (GNAP)
This collection of Go scripts from @daffainfo let you check validity of various API tokens (from 37 different systems!) that you may find in your #pentesting efforts: https://github.com/daffainfo/Key-Checker
From @bsidesvancouver, a recording of @dftrace explaining the attack surface of #GraphQL, the measures that API providers need to take, his DVGA GraphQL vulnerability sandbox, and bringing down a Wordpress server with a simple GraphQL request! ;)
https://www.youtube.com/watch?v=EVRf708-zq4
API Security weekly newsletter issue #143 is out. Main stories by @harshbothra_, @CraigHays / @InfoSecComm, @adamtlangley / @Hacker0x01, @_shivambathla / @SecurityTube
https://apisecurity.io/issue-143-graphql-api-leaking-credit-cards-sqli-jwt-xml-attacks-mind-map/
