API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
The WordPress WP HTML Mail plugin is vulnerable to code injection and phishing due to XSS via an unprotected API endpoint.
"Simply put, there was no authentication required to access the REST-API endpoint."
https://threatpost.com/wordpress-insecure-plugin-rest-api/177866/
When you work with APIs, API security is one of your biggest concerns.
A great resource for learning more about API security standards, best practices, and common vulnerabilities is @apisecurityio.
Check out their website and subscribe to their newsletter!
#infosec #ITsecurity
If you're getting started with API security take a look at vAPI — an open source lab environment to learn about API security featuring vulnerable APIs across the OWASP API security Top 10.
https://portswigger.net/daily-swig/introducing-vapi-an-open-source-lab-environment-to-learn-about-api-security
API Security weekly newsletter issue #168 is out. Main stories this week from @FingerprintJS on the Safari 15 vulnerability, a pair of AWS vulnerabilities from @orcasec, and @Dana_Gardner, @rinkisethi, and @alissaknight discussing API security.
https://apisecurity.io/issue-168-safari-15-indexeddb-api-vulnerability-a-pair-of-aws-vulnerabilities-and-an-api-security-podcast/
I'm excited to kick off the first session of 3 on API security with @colindomoney next Tuesday. Join us to learn about the #API #Security landscape, common vulnerabilities, and most importantly, proper defenses! https://buff.ly/33seweU #appsec #infosec
- 20 January, 22
API Security Newsletter Archive
- 20 January, 22
- 20 January, 22
- 13 January, 22
- 6 January, 22
- 23 December, 21
- 15 December, 21
- 8 December, 21
- 1 December, 21
- 30 November, 21
- 24 November, 21
From the APISecurity.io Twitter
The WordPress WP HTML Mail plugin is vulnerable to code injection and phishing due to XSS via an unprotected API endpoint.
"Simply put, there was no authentication required to access the REST-API endpoint."
https://threatpost.com/wordpress-insecure-plugin-rest-api/177866/
When you work with APIs, API security is one of your biggest concerns.
A great resource for learning more about API security standards, best practices, and common vulnerabilities is @apisecurityio.
Check out their website and subscribe to their newsletter!
#infosec #ITsecurity
If you're getting started with API security take a look at vAPI — an open source lab environment to learn about API security featuring vulnerable APIs across the OWASP API security Top 10.
https://portswigger.net/daily-swig/introducing-vapi-an-open-source-lab-environment-to-learn-about-api-security
API Security weekly newsletter issue #168 is out. Main stories this week from @FingerprintJS on the Safari 15 vulnerability, a pair of AWS vulnerabilities from @orcasec, and @Dana_Gardner, @rinkisethi, and @alissaknight discussing API security.
https://apisecurity.io/issue-168-safari-15-indexeddb-api-vulnerability-a-pair-of-aws-vulnerabilities-and-an-api-security-podcast/
I'm excited to kick off the first session of 3 on API security with @colindomoney next Tuesday. Join us to learn about the #API #Security landscape, common vulnerabilities, and most importantly, proper defenses! https://buff.ly/33seweU #appsec #infosec
