Security News

Let there be light: Ensuring visibility across the entire API lifecycle
2021-12-02 05:41

The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. In these organizations, it is imperative to have a centralized API location with deployment into each of these locations, to ensure greater visibility and better management of API-related business activities.

API security awareness: The first step to better assessing the risk
2021-12-01 05:30

In this Help Net Security interview, Tal Steinherz, CTO at Wib, talks about the importance of API security awareness and how to tackle the numerous threats that are plaguing it. API security is widely being considered, yet breaches continue to plague many organizations.

Lack of API visibility undermines basic principle of security
2021-11-19 06:30

The new visibility challenge, with so much core business depending on interconnecting processes and data via APIs, requires that companies know what APIs they expose externally and internally and how they should behave. Traditional tools, such as WAFs and API gateways, were built for a different purpose and lack the ability to discover APIs and provide a complete inventory of them.

Bots are lurking in your zombie and shadow APIs
2021-11-18 06:35

Zombie APIs commonly arise when old and less secure versions of your APIs are left to live another day. For some reason, finding shadow and zombie APIs seems to be a much easier task for bad actors than it is for internal security and risk teams.

API sprawl: A threat you might want to address later, but you can’t ignore it
2021-11-09 06:00

Continuous software development results in the frequent release of new API versions. API sprawl introduces significant operational and security challenges.

Our journey to API security at Raiffeisen Bank International
2021-11-04 06:21

This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. We've got an API security course and cloud security course to deepen our security-related knowledge in these domains.

Predicting the Next OWASP API Security Top 10
2021-11-03 17:05

API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.

Only 2% of IT practitioners are confident in their organization’s ability to reduce API security issues
2021-11-03 04:00

API security issues: Enterprises must apply a zero trust approach. The findings revealed that only a staggering 2% of enterprise IT practitioners in these industries feel completely confident in their organization's ability to reduce API security issues such as unauthorized access, data privacy, compliance risk and security threats.

Financial services need to prioritize API security to protect their customers
2021-11-01 04:30

Whether pursued as a compliance requirement or a business strategy, open banking has ignited financial services firms to focus on APIs and API security. Financial services API security issues: 54 of the 55 mobile apps that were reverse engineered contained hardcoded API keys and tokens, including usernames and passwords to third-party services.