API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

#SETracker backend behind kids' smartwatches, car tracking, dementia patients' devices, etc. was vulnerable. Server-to-server API was "protected" with a static key that attackers could reuse with possible life-threatening consequences. https://t.co/QPGKcRJ2wp via @PenTestPartners

API Security weekly newsletter issue #91 is out. Main stories by @Yassineaboukir, @semrush, @ermil0v / @r2cdev, @TheDavisJam / @gitconnected, @PhilippeDeRyck
https://t.co/StjMphXzrC

@PhilippeDeRyck made his full "Introduction to OAuth 2.0 and OpenID Connect" course available online for free. Check it out at https://t.co/d5bP8MITKs

Regexes are a common way to define string parameter patterns for API inputs. How do you define & enforce them w/o becoming a victim of a Regex DoS attack? Check out the Regular Expression Denial of Service (ReDoS) cheat-sheet from @TheDavisJam
https://t.co/TugR0pSuq8 via @gitconnected
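The tweet above asks how to enforce string-parameter patterns without opening the API to ReDoS. The following is an added example, not code from APISecurity.io or from the linked cheat-sheet; the username schema, the two patterns, the length cap and the `validateParam`/`timeMatch` helper names are all assumptions made for illustration. It puts a nested-quantifier pattern (ambiguous, backtracks exponentially on input that almost matches) beside an unambiguous, length-bounded equivalent, and shows a validator that checks length before the regex engine ever sees the value.

```javascript
// Added example: safe enforcement of a string-parameter pattern for an API input.
// Assumed schema: a "username" parameter, 3-32 characters from [a-z0-9_].

// Nested quantifiers make this pattern ambiguous: on a non-matching input such
// as "aaaaaaaaaaaaaaaa!" the engine tries every way of splitting the run of
// valid characters between the inner and outer group before giving up.
const VULNERABLE_PATTERN = /^([a-z0-9_]+)+$/;

// Same accepted language, written so each character can be consumed only one
// way, with the length bound expressed inside the pattern itself.
const SAFE_PATTERN = /^[a-z0-9_]{3,32}$/;

const MAX_PARAM_LENGTH = 32;

// Validate one API parameter. The length check runs first, so even a pattern
// that is later found to backtrack badly only ever sees bounded input.
function validateParam(value, { maxLength = MAX_PARAM_LENGTH, pattern = SAFE_PATTERN } = {}) {
  if (typeof value !== 'string') return { ok: false, reason: 'not a string' };
  if (value.length > maxLength) return { ok: false, reason: 'too long' };
  if (!pattern.test(value)) return { ok: false, reason: 'pattern mismatch' };
  return { ok: true };
}

// Time a single match attempt (milliseconds) so the two patterns can be compared.
function timeMatch(pattern, input) {
  const start = process.hrtime.bigint();
  const matched = pattern.test(input);
  const elapsedMs = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, elapsedMs };
}

// Constructed attacker input: n valid characters followed by one that forces
// the overall match to fail, which is what triggers the backtracking.
function attackInput(n) {
  return 'a'.repeat(n) + '!';
}

function main() {
  // Work grows roughly 2x per extra character for the vulnerable pattern and
  // stays flat for the safe one. Keep n small: at n=20 the vulnerable pattern
  // already performs on the order of a million backtracking steps.
  for (const n of [8, 12, 16, 20]) {
    const v = timeMatch(VULNERABLE_PATTERN, attackInput(n));
    const s = timeMatch(SAFE_PATTERN, attackInput(n));
    console.log(`n=${n}: vulnerable ${v.elapsedMs.toFixed(3)} ms, safe ${s.elapsedMs.toFixed(3)} ms`);
  }
  // A 100-character payload is rejected by the length check alone.
  console.log(validateParam(attackInput(100)));
}

main();
```

The point of the length check is defence in depth: a cheatsheet review may miss an ambiguous pattern, but a hard cap on parameter length (ideally declared in the API contract as `maxLength` next to `pattern`) limits how much work any regex can be made to do per request.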

@ermil0v from @r2cdev is giving practical examples of JWT vulnerabilities that he found by analyzing 2,000 npm modules. He is also providing rules to catch these issues with their semgrep tool. https://t.co/x9T8MbrkOp
