API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
A Broken Object-Level Authorization (#BOLA/#IDOR) vulnerability in #Facebook's GraphQL API allowed anyone to change someone else's page URL and then take over the old one. See detailed report by @mvinni_ :
https://bugreader.com/marcos@change-the-username-for-any-facebook-page-219
Remember our anniversary raffle last week: https://apisecurity.io/issue-100-api-security-advice-top-industry-experts/? We are happy to announce the winner - @alexz4nder. Congratulations! And huge thanks to all our contributors and reader, and especially to everyone helping spread the word!
API Security weekly #101. Stories by @evstykas / @PenTestPartners, @epereiralopez, @wk057 & @FredericLambert / @ElectrekCo, @swaysThinking, @jon_bottarini, @ms__chief / @DI_Security, @DSotnikov / @devopsworldconf, @caseysoftware, @approov_io, @isamauny
https://apisecurity.io/issue-101-vulnerabilities-giggle-google-cloud-platform-sonicwall-new-relic-tesla/
Confused by the layers and alternatives of API security? Attend September 24 webinar "OAuth, OWASP, Gateways and Meshes - Oh my!" by Keith Casey (@caseysoftware / @okta), David Stewart (@approov_io) and Isabelle Mauny (@isamauny / @42crunch).
https://us02web.zoom.us/webinar/register/WN_YvcIjmzxTn-ulyMJWgHu5w
If you are using @jenkinsci make sure to attend next week's virtual @devopsworldconf conference: Sept 22-24. 57 sessions are security-related, and there's one specifically on APIs: "Using Jenkins Pipeline and DevSecOps for API Security" by @DSotnikov
https://sessions.devopsworld.com/sessions?p1=eyJzcGVha2VyIjpbXSwidGltZXNsb3QiOltdLCJkYXkiOltdLCJyb29tIjpbXSwibG9jYXRpb24iOltdLCJzdGFydCI6IiIsImZpbmlzaCI6IiIsInBhZ2VudW1iZXIiOjEsImNhdGVnb3JpZXMiOnt9LCJrZXl3b3JkIjoic290bmlrb3YifQ%3D%3D
API Security Newsletter Archive
- 17 September, 20
- 10 September, 20
- 3 September, 20
- 27 August, 20
- 20 August, 20
- 13 August, 20
- 6 August, 20
- 30 July, 20
- 23 July, 20
- 16 July, 20
From the APISecurity.io Twitter
A Broken Object-Level Authorization (#BOLA/#IDOR) vulnerability in #Facebook's GraphQL API allowed anyone to change someone else's page URL and then take over the old one. See detailed report by @mvinni_ :
https://bugreader.com/marcos@change-the-username-for-any-facebook-page-219
Remember our anniversary raffle last week: https://apisecurity.io/issue-100-api-security-advice-top-industry-experts/? We are happy to announce the winner - @alexz4nder. Congratulations! And huge thanks to all our contributors and reader, and especially to everyone helping spread the word!
API Security weekly #101. Stories by @evstykas / @PenTestPartners, @epereiralopez, @wk057 & @FredericLambert / @ElectrekCo, @swaysThinking, @jon_bottarini, @ms__chief / @DI_Security, @DSotnikov / @devopsworldconf, @caseysoftware, @approov_io, @isamauny
https://apisecurity.io/issue-101-vulnerabilities-giggle-google-cloud-platform-sonicwall-new-relic-tesla/
Confused by the layers and alternatives of API security? Attend September 24 webinar "OAuth, OWASP, Gateways and Meshes - Oh my!" by Keith Casey (@caseysoftware / @okta), David Stewart (@approov_io) and Isabelle Mauny (@isamauny / @42crunch).
https://us02web.zoom.us/webinar/register/WN_YvcIjmzxTn-ulyMJWgHu5w
If you are using @jenkinsci make sure to attend next week's virtual @devopsworldconf conference: Sept 22-24. 57 sessions are security-related, and there's one specifically on APIs: "Using Jenkins Pipeline and DevSecOps for API Security" by @DSotnikov
https://sessions.devopsworld.com/sessions?p1=eyJzcGVha2VyIjpbXSwidGltZXNsb3QiOltdLCJkYXkiOltdLCJyb29tIjpbXSwibG9jYXRpb24iOltdLCJzdGFydCI6IiIsImZpbmlzaCI6IiIsInBhZ2VudW1iZXIiOjEsImNhdGVnb3JpZXMiOnt9LCJrZXl3b3JkIjoic290bmlrb3YifQ%3D%3D
