API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

Our developer-friendly tools help you to assess how secure your APIs really are and to remediate all vulnerabilities at design and runtime.

From the APISecurity.io Twitter

From @OxeyeSecurity comes news of a security vulnerability in Golang-based applications. Under certain conditions, it lets a threat actor bypass validations based on HTTP request parameters.

https://www.oxeye.io/blog/golang-parameter-smuggling-attack

Just when you thought you knew everything about rate-limiting comes this fantastic deep dive on the topic from @adenforshaw.

https://theauthapi.com/articles/right-ways-of-rate-limiting/

In the news recently was the inadvertent leakage of thousands of Twitter API keys — make sure you rotate your keys.

https://www.infosecurity-magazine.com/news/thousands-of-apps-leaking-twitter/

Courtesy of @thenewstack, we have views from @traceableai on the importance of cataloging APIs as a key step toward improved API security — "you can't secure what you can't see."

https://thenewstack.io/api_catalogs_deliver_security_benefits/

API Security weekly newsletter issue #196 is out. Main stories this week from @nordicapis on software supply chains, API adoption in healthcare, @Azure baselines for API management, and a free software security course from @linuxfoundation.

https://apisecurity.io/issue-196-software-supply-chains-apis-in-healthcare-azure-api-management-baselines/