API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.

From the APISecurity.io Twitter

Top 10 Trends in Cybersecurity by @AiteGroup
1. Ransomware
2. Filling cybersec positions
3. API Security
4. Cloud misconfig leaking data
5. SIEM & SOAR
6. Data privacy & compliance
7. BAS
8. Microsoft aggressive in sec
9. Sec analytics
10. Flat networks
https://t.co/gGAUDdh31a

#JWT security best practices in @pleothaud's #webinar next Thu, Jan 30, 2020 11:00 AM PST: Are You Properly Using JWTs? https://t.co/SsXpJrMahE

OAuth 2.0 Token Exchange is now RFC 8693. This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others. By @selfissued, @drsecure, @__b_c, @ve7jtb, @cmort
https://t.co/lFKg99EML6

API Security weekly newsletter issue #66 is out. Main stories by @wordfence, @ErickaChick / @Bitdefender_Ent, @_cpresearch_, @owasp / @AppSecCali
https://t.co/paurmrSz8q

API security vulnerability in a popular InfiniteWP Client plugin for WordPress. Attackers can exploit the API endpoint for adding a new site to log in to WordPress as admins w/o authentication. WAFs cannot protect b/c malicious & legit calls look identical https://t.co/kfoMJluI9R