API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

The State of Web Application Security report published by @radware. Includes a lot of useful stats: organizational, architecture (lots of K8S), DevSecOps, common attacks and response times, challenges. For example, see this image for API attacks. https://t.co/8eZ9uLUtvJ

#Kaspersky Internet Security products had vulnerabilities leaking API keys for communications with the backend. Rogue websites could hijack the key, disable ad blocking & tracking protection, crash the antivirus, get user id, etc. https://t.co/RvndfDBtq0 Reported by @WPalant

API Security weekly newsletter issue #60 is out. Main stories by @isamauny, @OmerTsarfati / @CyberArk, @enisa_eu, @zimperium
https://t.co/vsZxpSJp0R

LIVE WEBINAR: Positive Security for APIs by @isamauny next Thu, Dec 12. Positive Security aka Whitelisting is a powerful approach to protection against @owasp API Sec A3, A6 & A8. The webinar will cover what it is, why it matters, and how to implement it. https://t.co/8t9EB4ZYXj

#Azure accounts were vulnerable to takeover due to a vulnerability in #OAuth2 implementation. @OmerTsarfati / @CyberArk found that some of the redirect_uri that the implementation trusted had wildcards and included domains that an attacker could register. https://t.co/2twfYK0chD