API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
API Security weekly newsletter issue #71 is out. Main stories by @pauloasilva_com / @Checkmarx, @AmirShladovsky / @imperva, @InonShkedy / @traceableai, Ramaswamy Chandramouli / @NIST
https://t.co/qSl1OhB2Pe
"Security Strategies for Microservices-based Application Systems" by @NIST's Ramaswamy Chandramouli: architectural frameworks, threats, security strategies for IAM, discovery, communications, monitoring, resiliency, integrity, countering internet attacks.
https://t.co/CS4GBxRGrT
31 tips on API pentesting from @InonShkedy / @traceableai: Authorization (6 tips)
Authentication (1 tip)
CSRF (1 tip)
Data Exposure (1 tip)
DoS (1 tip)
Injection (4 tips)
Mass Assignment (2 tips)
What to do if you got stuck (12 tips)
Tools (1 tip) https://t.co/baBKT7r0DE
Excellent scooter service API vulnerability research by @AmirShladovsky / @imperva: overcame rate limiting to track routes of e-scooters in Tel-Aviv ("grid" calls by location + unique IDs for each scooter) and could even ring their bells as a bonus. https://t.co/NeeeenbvF8
A very systematic @SoundCloud API vulnerability report by @pauloasilva_com / @Checkmarx. These include:
* Broken Authentication & User Enumeration
* Lack of Resources Limiting & Rate Limiting
* Security Misconfiguration & Improper Input Validation
https://t.co/LBPBJKsW95
API Security Newsletter Archive
- 20 February, 20
- 13 February, 20
- 6 February, 20
- 30 January, 20
- 23 January, 20
- 16 January, 20
- 9 January, 20
- 2 January, 20
- 26 December, 19
- 19 December, 19
From the APISecurity.io Twitter
API Security weekly newsletter issue #71 is out. Main stories by @pauloasilva_com / @Checkmarx, @AmirShladovsky / @imperva, @InonShkedy / @traceableai, Ramaswamy Chandramouli / @NIST
https://t.co/qSl1OhB2Pe
"Security Strategies for Microservices-based Application Systems" by @NIST's Ramaswamy Chandramouli: architectural frameworks, threats, security strategies for IAM, discovery, communications, monitoring, resiliency, integrity, countering internet attacks.
https://t.co/CS4GBxRGrT
31 tips on API pentesting from @InonShkedy / @traceableai: Authorization (6 tips)
Authentication (1 tip)
CSRF (1 tip)
Data Exposure (1 tip)
DoS (1 tip)
Injection (4 tips)
Mass Assignment (2 tips)
What to do if you got stuck (12 tips)
Tools (1 tip) https://t.co/baBKT7r0DE
Excellent scooter service API vulnerability research by @AmirShladovsky / @imperva: overcame rate limiting to track routes of e-scooters in Tel-Aviv ("grid" calls by location + unique IDs for each scooter) and could even ring their bells as a bonus. https://t.co/NeeeenbvF8
A very systematic @SoundCloud API vulnerability report by @pauloasilva_com / @Checkmarx. These include:
* Broken Authentication & User Enumeration
* Lack of Resources Limiting & Rate Limiting
* Security Misconfiguration & Improper Input Validation
https://t.co/LBPBJKsW95
