API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.

From the APISecurity.io Twitter

1,300 @project_harbor (popular open source container registry) endpoints vulnerable to API vulnerability. To gain admin control attacker needs to include "has_admin_role"=True when doing a POST call to self-register https://t.co/nCDB4HPF9N Found by Aviv Sasson / @Unit42_Intel

20+ Resources To Nail Down Tough API Security Concepts by Kristopher Sandoval @nordicapis
https://t.co/NzBtwm1XBH

API Security weekly newsletter issue 49 is out. Main stories by u/babysharkvic_au @reddit, @DavidKCodelli (@RedHat / @3scale) / @sdtimes, @sehacure, @42crunch. https://t.co/X9r2K8hBhx

New update to the @42crunch API security platform. The biggest new feature is that the API protection component (API microfirewall) now has a non-blocking mode in which attacks are logged and reported but not blocked. Dev tooling also got enhanced. https://t.co/uG2YvWa8Z9

#Get - a popular app for university societies and clubs (4 countries, 159K users, 453 clubs) had a vulnerable API behind the app: unprotected and giving all user information including PII (filtering was on client side only). https://t.co/nyxSWYDwgp
