API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.

From the APISecurity.io Twitter

WordPress release 5.8.1 is a service and maintenance release addressing 60 bugs and 3 security fixes including a fix to data exposure on the REST API courtesy of @mdawaffe

https://wordpress.org/news/2021/09/wordpress-5-8-1-security-and-maintenance-release/

As the adoption of APIs continues to increase rapidly so do the attacks against APIs and with the advent of AI, it is possible to weaponize a 'bot army' against APIs. "Security breaches are the #1 concern of respondents regarding the use of APIs"

https://securityintelligence.com/articles/how-companies-can-prepare-botnet-attacks-apis/

If you want to know everything about API tokens this blog from @tqbf should give you everything you need to know, and then some! Definitely one to bookmark for reference.

https://fly.io/blog/api-tokens-a-tedious-survey/

A comprehensive resource on all things relating to API discovery from @apievangelist including a look back over the last 15 years and where we're headed. Great Friday reading.

https://apievangelist.com/2021/02/11/gathering-my-thoughts-on-api-discovery/

API Security weekly newsletter issue #150 is out. Main stories on a vulnerability in Fortress home security system, API fuzzing techniques with @alissaknight, hardening GraphQL implementations from @jensneuse_de, and API governance from @BPlatzer

https://apisecurity.io/issue-150-vulnerability-fortress-home-security-system-api-fuzzing-techniques-hardening-graphql-implementations-central-governance-apis/
