API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
Always good to see new API security training courses and this one is no exception: check out the @AppSecEngineer 2021 guide to API security
https://appsecengineer.com/hackerman-hub/2021-guide-api-security-what-you-need-know
API Security weekly newsletter issue #161 is out. Main stories this week from @Ub3rsick on a vulnerability in Wipro Holmes Orchestrator, tips for API security from @InonShkedy, research from @alissaknight and views from on shift-left from @colindomoney
https://apisecurity.io/issue-161-vulnerability-in-wipro-holmes-orchestrator-report-into-vulnerabilities-in-fintech-and-banking-apps/
Today we have an excellent resource from @InonShkedy on API security tips — there are some really good insights in here, many of them real quick wins for any API developer. Definitely one to bookmark!
https://github.com/inonshk/31-days-of-API-Security-Tips
Today I'm featured in the ST Times discussing how a developer-first approach can benefit both development and security teams by embedding "security as code" into your software build process.
https://sdtimes.com/api/a-developer-first-approach-what-does-this-mean-for-api-security/
A vulnerability CVE-2021-38146 was disclosed in the Wipro Holmes Orchestrator file download API allowing for arbitrary file download via path manipulation. Further details here:
https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
API Security Newsletter Archive
- 24 November, 21
- 18 November, 21
- 10 November, 21
- 3 November, 21
- 27 October, 21
- 20 October, 21
- 13 October, 21
- 6 October, 21
- 29 September, 21
- 22 September, 21
From the APISecurity.io Twitter
Always good to see new API security training courses and this one is no exception: check out the @AppSecEngineer 2021 guide to API security
https://appsecengineer.com/hackerman-hub/2021-guide-api-security-what-you-need-know
API Security weekly newsletter issue #161 is out. Main stories this week from @Ub3rsick on a vulnerability in Wipro Holmes Orchestrator, tips for API security from @InonShkedy, research from @alissaknight and views from on shift-left from @colindomoney
https://apisecurity.io/issue-161-vulnerability-in-wipro-holmes-orchestrator-report-into-vulnerabilities-in-fintech-and-banking-apps/
Today we have an excellent resource from @InonShkedy on API security tips — there are some really good insights in here, many of them real quick wins for any API developer. Definitely one to bookmark!
https://github.com/inonshk/31-days-of-API-Security-Tips
Today I'm featured in the ST Times discussing how a developer-first approach can benefit both development and security teams by embedding "security as code" into your software build process.
https://sdtimes.com/api/a-developer-first-approach-what-does-this-mean-for-api-security/
A vulnerability CVE-2021-38146 was disclosed in the Wipro Holmes Orchestrator file download API allowing for arbitrary file download via path manipulation. Further details here:
https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
