API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

Our developer-friendly tools help you to assess how secure your APIs really are and to remediate all vulnerabilities at design and runtime.


From the APISecurity.io Twitter

A new vulnerability (CVE-2022-1388) has been discovered in F5’s BIG-IP load balancing and security suite, giving an unauthenticated attacker remote code execution (CVSS 9.8). Users should patch urgently.

https://thestack.technology/critical-new-big-ip-vulnerability-cve-2022-1388/

Want to know where you are on your API security journey? Our friends at @curityio have put together a 4-stage maturity model worth a look.

https://curity.io/resources/learn/the-api-security-maturity-model/

Today sharing a great resource from Nick Aleks built for bug bounty hunters, security researchers, and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations.

https://github.com/nicholasaleks/graphql-threat-matrix

Today we feature news of an API vulnerability on the Google Cloud Platform enabling potential access to the control plane.

https://www.mitiga.io/blog/misconfiguration-hidden-dangers-cloud-control-plane

API Security weekly newsletter issue #183 is out. Main stories this week include the vulnerability in the VeryFitPro app, @CrowdStrike on Docker API crypto mining, @PortSwigger on TruffleHog v3, and Gary Archer at @curityio on scaling API security.

https://apisecurity.io/issue-183-api-vulnerability-in-veryfitpro-exposed-docker-apis-targeted-by-botnets-trufflehog-finds-stored-credentials/