API Brief #8: API penetration testing checklist, Don’t organize APIs against ownership, Shadow APIs require a search light of discovery

This week, we have an article about API penetration testing which is the process of testing the security of an API by attempting to exploit vulnerabilities in it.

And a read about why it doesn’t matter how APIs are organized, in layers, by business domain or any other dimension if you don’t take care of the most important one. The one dimension that rules them all: ownership.

Shadow APIs require a search light of discovery At breakneck speed, APIs from many sources are being adopted across most organizations. APIs are now at the core of the expanding digital business economy – and they are here to stay.
07/04/2022

API penetration testing checklist

An evergreen article this week – API penetration testing checklist API Mike blogged on API penetration testing checklist. API penetration testing checklist is important because it helps ensure that all aspects of a web application are tested for security vulnerabilities. Mike moves on to outline 8 steps you should take when starting pentesting.

30/03/2022

Don’t organize APIs against ownership

Don't organize APIs against ownership

The third article – Dont organize APIs against ownership Arnaud Lauret writes about “3 dimensions to consider for a successful API-First strategy” It includes API Layers, Business domains (or capabilities), and Ownership. In this article Arnaud talk about the importance of ownership in the organization of APIs. The one dimension that rules them all: ownership. It doesn’t matter how APIs are organized, in layers, by business domain or any other dimension if you’re not taking care of the most important one…
You can find part 1 and part 2 in the links.
05/04/2022

Shadow APIs require a search light of discovery

An interesting piece this week titled Shadow APIs require a search light of discovery

According to Traceable AI CMO Ashish Kuthiala, there are 7.1 billion APIs in use globally. Gartner predicts that by the end of 2022, API misuse will be the most common attack vector. To identify and protect against attacks, organizations must understand their whole API ecosystem, including the dangers associated with each one. Shadow APIs necessitate a global view of all APIs and data flows. For application and process developers, knowing how their services behave in real-time gives them an unprecedented ability to safeguard and improve their programs.

APIBrief.com

A weekly dosage of API Security briefs to help you stay up-to-date.

Protect your API with the latest security news, updates, and events. Subscribe to our API newsletter

More briefs: