API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

The API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

The WordPress WP HTML Mail plugin is vulnerable to code injection and phishing due to XSS via an unprotected API endpoint.

"Simply put, there was no authentication required to access the REST-API endpoint."

https://threatpost.com/wordpress-insecure-plugin-rest-api/177866/

When you work with APIs, API security is one of your biggest concerns.

A great resource for learning more about API security standards, best practices, and common vulnerabilities is @apisecurityio.

Check out their website and subscribe to their newsletter!

#infosec #ITsecurity

If you're getting started with API security take a look at vAPI — an open source lab environment to learn about API security featuring vulnerable APIs across the OWASP API security Top 10.

https://portswigger.net/daily-swig/introducing-vapi-an-open-source-lab-environment-to-learn-about-api-security

API Security weekly newsletter issue #168 is out. Main stories this week from @FingerprintJS on the Safari 15 vulnerability, a pair of AWS vulnerabilities from @orcasec, and @Dana_Gardner, @rinkisethi, and @alissaknight discussing API security.

https://apisecurity.io/issue-168-safari-15-indexeddb-api-vulnerability-a-pair-of-aws-vulnerabilities-and-an-api-security-podcast/

I'm excited to kick off the first session of 3 on API security with @colindomoney next Tuesday. Join us to learn about the #API #Security landscape, common vulnerabilities, and most importantly, proper defenses! https://buff.ly/33seweU #appsec #infosec
