APISecurity.io is a community website for all things related to API security. Our daily news and weekly newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From our Twitter

A new successful Bleichenbacher attack on #TLS: attackers can cause TLS to downgrade to v2 and get exploited. If your TLS/SSL library is older than Nov 2018, upgrade asap. See details at https://t.co/9f499DIMGJ by @campuscodi via @ZDNet

API Security Weekly Newsletter Issue #18 is out. Main stories by @PenTestPartners, @olihough86 / @TheRegister, @yosriady, @alexlomas, @7H3Wh173R4bb17, @OpenApiSpec https://t.co/AkOhWaS9Bf

If your application is using #Gmail #API, tomorrow (Feb 15, 2019) is your last day to submit it to a security review. The cost is $15K-$75K. If not passed (or not submitted) Google will cut your API access. Interesting API security governance step. https://t.co/aYBmTSqBU7

Wondering if your API contract conforms to security standards and best practices? Upload your @OpenApiSpec file to this free tool and get a detailed report with the overall score, identified issues, and recommendations on how to remediate: https://t.co/kGsQosKhS9

Enox Safe-Kid-One smartwatches are getting recalled by the European Union because of their vulnerable APIs. There is no encryption or authentication, so attackers can get and change any info (location, etc.) & send commands to the watches. https://t.co/zZ5NDSxgdx
