API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

OAuth 2.0 Token Exchange is now RFC 8693. This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others. By @selfissued, @drsecure, @__b_c, @ve7jtb, @cmort
https://t.co/lFKg99EML6

API Security weekly newsletter issue #66 is out. Main stories by @wordfence, @ErickaChick / @Bitdefender_Ent, @_cpresearch_, @owasp / @AppSecCali
https://t.co/paurmrSz8q

API security vulnerability in a popular InfiniteWP Client plugin for WordPress. Attackers can exploit the API endpoint for adding a new site to log in to WordPress as admins w/o authentication. WAFs cannot protect b/c malicious & legit calls look identical https://t.co/kfoMJluI9R

"API Security a Top Concern for Cybersecurity in 2020" write-up by @ErickaChick. Has latest stats and trends related to API spread & API security, information about the @owasp API top 10 project, quotes from @ErezYalon & @DSotnikov https://t.co/5qrchCdcwD via @Bitdefender_Ent

. @tiktok_us fixed vulns found by @_cpresearch_. An exposed API allowed sending SMS messages with deep links to the app on TikTok's behalf. A vulnerable regex permitted redirects to attacker URLs. CSRF allowed API execution to delete, add, expose videos, etc. https://t.co/Hu0ngTgbjs
