APISecurity.io is a community website for all things related to API security. Our daily news and weekly newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From our Twitter

Some pre-internet tech hacking. Two cities in Texas had their tornado warning systems hacked by simply sending a radio signal. Turns out that there is no security on these interfaces: you just need to know the radio signal that the system expects. https://t.co/iGT6odKMyg

A great educational video by @computer_phile on #SQL injections. He is using a #PHP site as an example but that equally applies to REST interface parameters and JSON payloads. Lock down, sanitize, and escape your inputs! https://t.co/vMlHdxPcr0

API Security Weekly issue 23 is out. Main stories by @sundstrom_kevin / @programmableweb, Daria Kirilenko / @Gartner_inc, @DSotnikov / @42crunch, Nicholas Carlini / @Google, @fs0c131y / @ZDNet, @orysegal / @PureSecTeam https://t.co/95OiKgDrXN

As the LandMark White (LMW) API breach saga continues, several executives including the CEO had to resign. Prior to the breach, it was Australia's largest independent property valuation & consultancy firm. https://t.co/BZaj7ISuY7 by @sundstrom_kevin via @programmableweb

Daria Kirilenko from @Gartner_inc giving advice to CISO on cloud security: 1. Cloud security is shared b/w vendors & internal team, 2. Build a cloud sec team, 3. Build internal common security API & reference architecture platform. https://t.co/u96v57ICH3 via @TechRepublic
