API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

The API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

API Security weekly newsletter issue #52 is out. Main stories by @NISTCyber, @kubernetesio, @code, @OpenApiSpec, @42crunch https://t.co/sjFGTD5tGp

#OpenAPI extension for @code now includes built-in Security Audit. This static analysis includes about 200 different security checks run against your @OpenApiSpec API contract in #VSCode & provides detailed report. Supports both v2 & v3, #YAML & #JSON. https://t.co/8qGSmiPKqD

#Kubernetes API Server is vulnerable to #YAML expansion #DoS attack. The fix is in the works and coming in next updates. For now, review API access: limit to trusted accounts only, review roles and their membership, consider removing internet access. https://t.co/ETRcjKqzEM

Public draft of the #ZeroTrust Architecture document NIST SP 800-207 published by @NISTCyber. Very relevant to API Security in the world where microservices, mobile, IoT, and cloud made 100% secure perimeter obsolete. Public comments open until Nov 22. https://t.co/GDXZ8NAC7a

API Security weekly newsletter issue 51 is out. Main stories by @EduardKovacs / @SecurityWeek, @dizumerle, @jeremydhoinne, and @TheMarkONeill / @Gartner_inc, @ErezYalon / @DarkReading https://t.co/XzXrMsJFRQ
