API security warrants its own specific solution
Starting with an article by Jason Kent from Cequence Security API security warrants its own specific solution blogged on the subject of Application programming interfaces (APIs) can provide ready access to back-end systems and sensitive data sets. OWASP Foundation recognizes this fact via the API Security The OWASP Foundation provides guidance on how to secure APIs to protect sensitive data.
Exposed Travis CI API Leaves All FreeTier Users Open to Attack
This week’s must-read article by Dark Reading Exposed Travis CI API Leaves All Free Tier Users Open to Attack on the subject of A security flaw in the Travis CI API has left tens of thousands of developers’ user tokens exposed to attack. Threat actors could use the tokens to wage attacks in the name of the developers.
Why the Long View Matters in API Attack Protection
We have a detailed article by Bret Settle Why the Long View Matters in API Attack Protection in his article on API attacks don’t always look overtly malicious, and attackers frequently take their time. API attacks are a two-edged sword: They expose business functionality and allow an attacker to cause serious damage to an organization with little effort.