#API #Security #Newsletter issue #6 is out. Top stories by @pingidentity, @TheRegister, @xargsnotbombs, @balaganski / @kuppingercole, @ErickaChick / @DarkReading https://t.co/JeWWdiuvm6

Do not trust surveys. According to one by @pingidentity, if a company gets a data breach 78% of customers will stop interacting with it online and 36% will never use it at all. Yet, we are not seeing #T-Mobile or #BritishAirways shares drop post-breaches. https://t.co/zaHBB7ioMW

#Steam gaming service had an API vulnerability in license generation API. Anyone registered at their partner portal could call their /partnercdkeys/assignkeys/ with unexpected param values and get thousands of keys to use or resell. https://t.co/3ktC32c1lr via @TheRegister

We have already covered "Illustrated TLS" site by @xargsnotbombs. It had step-by-step illustration of how 1.2 works. Now, he has launched a version of the site for TLS 1.3! Quite a few changes in the protocol so go check it out. https://t.co/bWL95u8sRc

#DevSecOps piece by @kuppingercole's @balaganski: The days of relying only on a WAF are over, need API Security-specific solutions. Microservices are containers + APIs. Security strategy need to include: #containers, #APIs, #microservices, #data https://t.co/OtiSXg6C1e