Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to v2.0, and how it applies to API security. Raj and Tim really dug deep into a lot of issues, and answered a lot of questions…
It’s been reported that 2.6 million user records sourced from the Duolingo app are for sale. The attacker apparently obtained them from an open API provided by the company. There’s a more technical explanation available here. While we talk a lot about the vulnerabilities in the OWASP API Top-10 and the exploits associated with those vulnerabilities, this incident provides a good reminder that not all vulnerabilities are flaws in code. In fact, this API was…
The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio. What Are Orphan APIs? Orphan APIs are endpoints that are part of the API specification but that are not requested in an application. This happens for a variety of reasons, such as being…
The recent CISA advisory concerning BOLA (IDOR) vulnerabilities is a wake-up call to bolster our web application security.
📣 Good news for all tech enthusiasts! The highly anticipated 2023 State of the API Report, conducted by Postman, one of the leading dev tools for building APIs, is now available. This comprehensive report, produced annually, is backed by an extensive survey and offers a deep dive into the challenges and advancements in the realm of APIs. In this blog post, we explore the 2023 State of the API Report conducted by Postman to…
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and strategy with actionable intelligence to strengthen their API security posture. Download the report to learn how you may be able to improve your API protections. At a high level, we see the API threat…