API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
Government #COVID19 apps continue to have security issues. @amnesty security lab looked at the app mandatory in Qatar and found that they could call the API behind it for any citizen (ids are sequential) and get name, health status and location:
https://t.co/pj0NI00sxi
API Security weekly newsletter issue #85 is out. Main stories by @_nihliphobe, @BillatBroadcom / @aran_api / @DSotnikov / @apiacademy, @michaelisbitski / Frank Catucci / @pragkirk / @Gartner_inc, @epereiralopez
https://t.co/PPVjm0sONr
Google Cloud Deployment Manager fixed API vulnerability found by @epereiralopez. Staging & dogfood versions of the API were accessible and had a flawed fallback to service credentials when user creds failed, and invoked Google internal services via GSLB.
https://t.co/XUONcxYd8c
Solution Path for Forming an API Security Strategy from @Gartner_inc's @michaelisbitski, Frank Catucci & @pragkirk help identify the elements of the API security tooling puzzle. Quick summary: https://t.co/O1rstFsiMJ, full report https://t.co/p4ELQ5HT0c (requires subscription)
The latest episode of @apiacademy is all about API Security: a detailed Q&A with @BillatBroadcom, @aran_api, and @DSotnikov. https://t.co/uBuDXbRbMT
API Security Newsletter Archive
- 28 May, 20
- 21 May, 20
- 14 May, 20
- 7 May, 20
- 30 April, 20
- 23 April, 20
- 16 April, 20
- 9 April, 20
- 2 April, 20
- 26 March, 20
From the APISecurity.io Twitter
Government #COVID19 apps continue to have security issues. @amnesty security lab looked at the app mandatory in Qatar and found that they could call the API behind it for any citizen (ids are sequential) and get name, health status and location:
https://t.co/pj0NI00sxi
API Security weekly newsletter issue #85 is out. Main stories by @_nihliphobe, @BillatBroadcom / @aran_api / @DSotnikov / @apiacademy, @michaelisbitski / Frank Catucci / @pragkirk / @Gartner_inc, @epereiralopez
https://t.co/PPVjm0sONr
Google Cloud Deployment Manager fixed API vulnerability found by @epereiralopez. Staging & dogfood versions of the API were accessible and had a flawed fallback to service credentials when user creds failed, and invoked Google internal services via GSLB.
https://t.co/XUONcxYd8c
Solution Path for Forming an API Security Strategy from @Gartner_inc's @michaelisbitski, Frank Catucci & @pragkirk help identify the elements of the API security tooling puzzle. Quick summary: https://t.co/O1rstFsiMJ, full report https://t.co/p4ELQ5HT0c (requires subscription)
The latest episode of @apiacademy is all about API Security: a detailed Q&A with @BillatBroadcom, @aran_api, and @DSotnikov. https://t.co/uBuDXbRbMT
