API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
With the shift to APIs, IoT and mobile made WAFs highly dissatisfied. See report by @PonemonPrivacy. 86% WAF customers had in last 12 months attacks that bypassed WAF. 2.5 FTEs required to maintain then. Average TCO is $620K/yr. https://t.co/rK7oy87Sjr
Now #Asus PC update service got hacked. Successful man-in-the-middle attack because the service used HTTP and did not properly check signatures on files. Always use https and never trust any unsigned data. Issue found by @cherepanov74 / @ESET https://t.co/cWJzExbTUj
API Security platform vendor @42Crunch has launched a partner / reseller program https://t.co/hdSoKs5ZuM
Over 25,000 Linksys Smart Wi-Fi routers have an unprotected API that leaks data on all connected devices: name, MAC address, OS, firewall status, settings for WAN, firmware update & DDNS. Also, tells if admin pwd is default or changed. https://t.co/vCV8gdxR2S via @bad_packets
API Security Weekly newsletter issue 31 is out. Main stories by @campuscodi / @ZDNet, @a85 / @postmanclient, @SecurityWeekly / @maldermania, @7Elements, @mossab_hussein / @zackwhittaker / @TechCrunch, : https://t.co/vsrc8rnRvI
API Security Newsletter Archive
- 16 May, 19
- 9 May, 19
- 2 May, 19
- 25 April, 19
- 18 April, 19
- 11 April, 19
- 4 April, 19
- 28 March, 19
- 21 March, 19
- 14 March, 19
From the APISecurity.io Twitter
With the shift to APIs, IoT and mobile made WAFs highly dissatisfied. See report by @PonemonPrivacy. 86% WAF customers had in last 12 months attacks that bypassed WAF. 2.5 FTEs required to maintain then. Average TCO is $620K/yr. https://t.co/rK7oy87Sjr
Now #Asus PC update service got hacked. Successful man-in-the-middle attack because the service used HTTP and did not properly check signatures on files. Always use https and never trust any unsigned data. Issue found by @cherepanov74 / @ESET https://t.co/cWJzExbTUj
API Security platform vendor @42Crunch has launched a partner / reseller program https://t.co/hdSoKs5ZuM
Over 25,000 Linksys Smart Wi-Fi routers have an unprotected API that leaks data on all connected devices: name, MAC address, OS, firewall status, settings for WAN, firmware update & DDNS. Also, tells if admin pwd is default or changed. https://t.co/vCV8gdxR2S via @bad_packets
API Security Weekly newsletter issue 31 is out. Main stories by @campuscodi / @ZDNet, @a85 / @postmanclient, @SecurityWeekly / @maldermania, @7Elements, @mossab_hussein / @zackwhittaker / @TechCrunch, : https://t.co/vsrc8rnRvI
