API Security Articles
The Latest API Security News, Vulnerabilities & Best Practices
APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.
API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.
Subscribe to the API Security newsletter
By clicking Subscribe you agree to our Data Policy
From the APISecurity.io Twitter
Top 10 Trends in Cybersecurity by @AiteGroup
1. Ransomware
2. Filling cybersec positions
3. API Security
4. Cloud misconfig leaking data
5. SIEM & SOAR
6. Data privacy & compliance
7. BAS
8. Microsoft aggressive in sec
9. Sec analytics
10. Flat networks
https://t.co/gGAUDdh31a
#JWT security best practices in @pleothaud's #webinar next Thu, Jan 30, 2020 11:00 AM PST: Are You Properly Using JWTs? https://t.co/SsXpJrMahE
OAuth 2.0 Token Exchange is now RFC 8693. This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others. By @selfissued, @drsecure, @__b_c, @ve7jtb, @cmort
https://t.co/lFKg99EML6
API Security weekly newsletter issue #66 is out. Main stories by @wordfence, @ErickaChick / @Bitdefender_Ent, @_cpresearch_, @owasp / @AppSecCali
https://t.co/paurmrSz8q
API security vulnerability in a popular InfiniteWP Client plugin for WordPress. Attackers can exploit the API endpoint for adding a new site to log in to WordPress as admins w/o authentication. WAFs cannot protect b/c malicious & legit calls look identical https://t.co/kfoMJluI9R
API Security Newsletter Archive
- 16 January, 20
- 9 January, 20
- 2 January, 20
- 26 December, 19
- 19 December, 19
- 12 December, 19
- 5 December, 19
- 28 November, 19
- 21 November, 19
- 14 November, 19
From the APISecurity.io Twitter
Top 10 Trends in Cybersecurity by @AiteGroup
1. Ransomware
2. Filling cybersec positions
3. API Security
4. Cloud misconfig leaking data
5. SIEM & SOAR
6. Data privacy & compliance
7. BAS
8. Microsoft aggressive in sec
9. Sec analytics
10. Flat networks
https://t.co/gGAUDdh31a
#JWT security best practices in @pleothaud's #webinar next Thu, Jan 30, 2020 11:00 AM PST: Are You Properly Using JWTs? https://t.co/SsXpJrMahE
OAuth 2.0 Token Exchange is now RFC 8693. This specification standardizes an already widely-deployed pattern in production use by Box, Microsoft, RedHat, Salesforce, and many others. By @selfissued, @drsecure, @__b_c, @ve7jtb, @cmort
https://t.co/lFKg99EML6
API Security weekly newsletter issue #66 is out. Main stories by @wordfence, @ErickaChick / @Bitdefender_Ent, @_cpresearch_, @owasp / @AppSecCali
https://t.co/paurmrSz8q
API security vulnerability in a popular InfiniteWP Client plugin for WordPress. Attackers can exploit the API endpoint for adding a new site to log in to WordPress as admins w/o authentication. WAFs cannot protect b/c malicious & legit calls look identical https://t.co/kfoMJluI9R
