Security News

Authenticating an API requires the developer to have a complete understanding of the transaction - from the user interaction through to the outcome - so it requires them to go beyond the limits of the API specification itself. These range from HTTPS and a username and password to API keys which generate a unique string of characters for each OAuth authentication request, which sees developers use a well-known authorization framework to automatically orchestrate approvals.

Introducing the book: Project Zero TrustIn this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book - "Project Zero Trust: A Story about a Strategy for Aligning Security and the Business". How the CIO's relationship to IT security is changingIn this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description.

It's hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks to the original design is extremely difficult, and it must be validated because it differs from the original spec in some places.

The application programming interface has been around pretty much as long as computing itself, but it's perhaps only since the early years of the millennium that its use exploded with a mass shift to web applications. So much so that many of the most popular applications we all use on a daily basis would stall without them.

Noname Security announced the findings from its API security report, "The API Security Disconnect - API Security Trends in 2022", which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced confidence in existing controls. 76% of respondents have suffered an API security incident in the last 12 months, with these incidents primarily caused by Dormant/Zombie APIs, Authorization Vulnerabilities, and Web Application Firewalls.

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.

How can you protect your APIs from bots and bot attacks? Keep reading to learn effective ways for API bot detection and protection. Why is the risk of bot cyberattacks on APIs so high and common? 40% of organizations reported that more than half of their applications are exposed to third-party services or the internet owing to APIs.

Paying attention to your API calls is important to avoid passing duplicate or repeated requests to the API. When two deployed APIs try to use the same URL, it can cause repetitive and redundant API usage problems. DDoS API attacks target not only your servers where the APIs are running but also each API endpoint.

Postman released the results of its 2022 State of the API Report, which surveyed more than 37,000 developers and API professionals on a range of topics, including their organizations' priorities, how they get their work done, and where they see the industry going. API investments to remain strong, despite economic headwinds: Investments in APIs will increase or stay the same over the next 12 months, said 89% of global respondents.

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how run-time security threats against mobile apps and APIs continue to inflict damage on organizations.