API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

#Cisco released patches for critical API security flaws in UCS software, small-biz 220 routers including #RCE. The flaws seem to be mostly caused by lack of request header validation and lack of boundary checks on input data. https://t.co/A55yQmgJr4 via @Mcooney59 / @networkworld

API Security Newsletter issue 45 is out. Main stories by @cloudsa, @ZDNet, @APACinfosec, @JacquesDeclas1, @icyphox, @_vologue, @shubhamtc / @SecureLayer7, @PenTestPartners, @thisisFoxx https://t.co/QfZWPomUH0

Insecure APIs #7 in @cloudsa Egregious 11 cloud security issues list: Practice good API hygiene: diligent oversight of items such as inventory, testing, auditing, and abnormal activity protections. Consider using standard and open API frameworks https://t.co/6MvvsXW7nV via @ZDNet

The State of API Security: conversation at @RSAConference between @APACinfosec and @JacquesDeclas1 (@42Crunch):
* How API security has evolved;
* API security and the role #DevSecOps plays;
* API Security for #microservices in the world of #Kubernetes.
https://t.co/rhPDJBmuel

#FB50 smartlock API is vulnerable to #IDOR attack and allows full takeover. API calls allow retrieving lock and user information, then using the info to assign the lock to a new "owner". https://t.co/FPPaG7WgX6 by @icyphox, @_vologue, @shubhamtc / @SecureLayer7
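The takeover sequence in the tweet above, reduced to the object-level authorization bug behind it, as an added illustrative example in Python. This is not code from the SecureLayer7 write-up or from the FB50 product; the `LockService` class, its method names and the user and lock IDs are hypothetical. It shows the vulnerable pattern (authenticated caller, lock fetched purely by client-supplied ID) beside the fix (the lock must belong to the requester before it is read or reassigned).

```python
# Added illustrative example: an IDOR (broken object-level authorization) bug
# in a toy smart-lock API, beside the fix. Not code from the SecureLayer7
# write-up or the FB50 product; LockService and all IDs are hypothetical.
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class Lock:
    lock_id: int
    owner_id: int


@dataclass
class LockService:
    """In-memory stand-in for the lock API's backend; every caller is assumed
    to have already passed authentication (requester_id is the logged-in user)."""
    locks: Dict[int, Lock] = field(default_factory=dict)

    # --- vulnerable endpoints: authenticated, but no object-level authorization ---

    def get_lock_vulnerable(self, requester_id: int, lock_id: int) -> dict:
        # The lock is fetched purely by the client-supplied ID, so any logged-in
        # user can read any lock's details, including who owns it.
        lock = self.locks[lock_id]
        return {"lock_id": lock.lock_id, "owner_id": lock.owner_id}

    def assign_owner_vulnerable(self, requester_id: int, lock_id: int, new_owner_id: int) -> dict:
        # Same flaw on a state-changing call: whoever knows (or guesses) a lock ID
        # can hand it to a new "owner", which is the full-takeover step.
        self.locks[lock_id].owner_id = new_owner_id
        return {"lock_id": lock_id, "owner_id": new_owner_id}

    # --- hardened endpoints: the object must belong to the requester ---

    def _owned_lock(self, requester_id: int, lock_id: int) -> Lock:
        lock = self.locks.get(lock_id)
        # Fail identically for "no such lock" and "not your lock" so an attacker
        # cannot use the error to enumerate which IDs exist.
        if lock is None or lock.owner_id != requester_id:
            raise PermissionError("lock not found")
        return lock

    def get_lock_hardened(self, requester_id: int, lock_id: int) -> dict:
        lock = self._owned_lock(requester_id, lock_id)
        return {"lock_id": lock.lock_id, "owner_id": lock.owner_id}

    def assign_owner_hardened(self, requester_id: int, lock_id: int, new_owner_id: int) -> dict:
        lock = self._owned_lock(requester_id, lock_id)
        lock.owner_id = new_owner_id
        return {"lock_id": lock.lock_id, "owner_id": lock.owner_id}


ALICE, MALLORY, LOCK_ID = 1, 2, 100  # hypothetical user and lock IDs


def run_takeover(hardened: bool) -> dict:
    """Replay the attack: Mallory (authenticated, owns nothing) looks up Alice's
    lock, then tries to reassign it to herself. Returns who owns it afterwards
    and whether the API refused."""
    svc = LockService({LOCK_ID: Lock(LOCK_ID, ALICE)})
    get = svc.get_lock_hardened if hardened else svc.get_lock_vulnerable
    assign = svc.assign_owner_hardened if hardened else svc.assign_owner_vulnerable
    refused = False
    try:
        get(MALLORY, LOCK_ID)                 # step 1: read lock/user info
        assign(MALLORY, LOCK_ID, MALLORY)     # step 2: become the "owner"
    except PermissionError:
        refused = True
    return {"refused": refused, "owner_id": svc.locks[LOCK_ID].owner_id}


if __name__ == "__main__":
    print("vulnerable:", run_takeover(hardened=False))  # Mallory now owns the lock
    print("hardened:  ", run_takeover(hardened=True))   # refused, Alice keeps it
```

The fix is not input validation: the lock ID Mallory sends is perfectly well-formed. What is missing in the vulnerable handlers is a check that ties the object to the caller, and that check has to run on every endpoint that touches the object, the read as well as the write, because the read is what leaks the information used in the write.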
