Security News

The rise of API use has also led to an increase in the number of API breaches. For these reasons, it's essential to implement robust security measures to protect your APIs, and the data traversing them, to prevent breaches from occurring.

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. Plus, 57% of respondents feel traditional security solutions, including web application firewalls, can't effectively distinguish genuine from fraudulent API activity.

The OWASP API Security Project leaders had their work cut out when deciding how to group and prioritize the threats. It no longer makes sense to monitor for API attacks and bot attacks separately: bot mitigation has to become part of API security.

In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings - which didn't require sophisticated security to prevent. The number of APIs is increasing year on year as more organizations are building APIs to facilitate automation.

API security isn't solely the responsibility of IT security professionals. Your API gateways, WAFs, and other security technologies and infrastructure should work with the API contract to provide seamless CI/CD integration and automation across the software and API lifecycle.

Google's plans to introduce the Web Environment Integrity API on Chrome has been met with fierce backlash from internet software developers, drawing criticism for limiting user freedom and undermining the core principles of the open web. Google says this is not a privacy risk as it does not enable cross-site user tracking and won't interfere with browser or plugins/extensions functionality.

According to the company, this change to the App Store API rules ensures developers don't abuse APIs for user fingerprinting. Developers must choose one or more approved reasons that accurately align with their app's API usage.

The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their...

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment caused by credentials being logged and exposed via system audit logs. Tracked as CVE-2023-20891, the security flaw addressed today by Vmware would allow remote attackers with low privileges to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks that don't require user interaction.

The 2023 SANS Survey on API Security found that the top risk is phishing attacks. The 2023 global survey, which polled 231 application security professionals, found that fewer than 50% of respondents have API security testing tools in place and only 29% have API discovery tools.