API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.

Subscribe to the API Security newsletter

By clicking Subscribe you agree to our Data Policy

From the APISecurity.io Twitter

There are several API security guides online but this has to be the most comprehensive: Awesome API Security from André Rainho. Absolutely guaranteed to be something for everyone in here.

https://github.com/arainho/awesome-api-security

Interesting read from @kcblogumi on utilizing GraphQL as an enterprise API Gateway enabling security features such as depth limiting, rate limiting, and query cost limitations.

https://levelup.gitconnected.com/graphql-is-the-new-api-gateway-383edeed4bcd

Threat Horizons report published into vulnerable Google Cloud Platforms — "in most cases, the unauthorized access was attributed to the use of weak or no passwords for user accounts or API connections (48%)"

https://thehackernews.com/2021/11/hackers-using-compromised-google-cloud.html

Always good to see new API security training courses and this one is no exception: check out the @AppSecEngineer 2021 guide to API security

https://appsecengineer.com/hackerman-hub/2021-guide-api-security-what-you-need-know

API Security weekly newsletter issue #161 is out. Main stories this week from @Ub3rsick on a vulnerability in Wipro Holmes Orchestrator, tips for API security from @InonShkedy, research from @alissaknight and views from on shift-left from @colindomoney

https://apisecurity.io/issue-161-vulnerability-in-wipro-holmes-orchestrator-report-into-vulnerabilities-in-fintech-and-banking-apps/

From the APISecurity.io Twitter

There are several API security guides online but this has to be the most comprehensive: Awesome API Security from André Rainho. Absolutely guaranteed to be something for everyone in here.

https://github.com/arainho/awesome-api-security

Interesting read from @kcblogumi on utilizing GraphQL as an enterprise API Gateway enabling security features such as depth limiting, rate limiting, and query cost limitations.

https://levelup.gitconnected.com/graphql-is-the-new-api-gateway-383edeed4bcd

Threat Horizons report published into vulnerable Google Cloud Platforms — "in most cases, the unauthorized access was attributed to the use of weak or no passwords for user accounts or API connections (48%)"

https://thehackernews.com/2021/11/hackers-using-compromised-google-cloud.html

Always good to see new API security training courses and this one is no exception: check out the @AppSecEngineer 2021 guide to API security

https://appsecengineer.com/hackerman-hub/2021-guide-api-security-what-you-need-know

API Security weekly newsletter issue #161 is out. Main stories this week from @Ub3rsick on a vulnerability in Wipro Holmes Orchestrator, tips for API security from @InonShkedy, research from @alissaknight and views from on shift-left from @colindomoney

https://apisecurity.io/issue-161-vulnerability-in-wipro-holmes-orchestrator-report-into-vulnerabilities-in-fintech-and-banking-apps/