API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

With the shift to APIs, IoT and mobile made WAFs highly dissatisfied. See report by @PonemonPrivacy. 86% of WAF customers had in the last 12 months attacks that bypassed the WAF. 2.5 FTEs required to maintain them. Average TCO is $620K/yr. https://t.co/rK7oy87Sjr

Now #Asus PC update service got hacked. Successful man-in-the-middle attack because the service used HTTP and did not properly check signatures on files. Always use https and never trust any unsigned data. Issue found by @cherepanov74 / @ESET https://t.co/cWJzExbTUj

Over 25,000 Linksys Smart Wi-Fi routers have an unprotected API that leaks data on all connected devices: name, MAC address, OS, firewall status, settings for WAN, firmware update & DDNS. Also, tells if admin pwd is default or changed. https://t.co/vCV8gdxR2S via @bad_packets

API Security Weekly newsletter issue 31 is out. Main stories by @campuscodi / @ZDNet, @a85 / @postmanclient, @SecurityWeekly / @maldermania, @7Elements, @mossab_hussein / @zackwhittaker / @TechCrunch: https://t.co/vsrc8rnRvI