API Brief #9: Is API Security on Your Radar? APIs Are Here to Stay so Get in Front of Securing Them, OpenAPI is Your Source of Truth

This week, we have an article reporting that 91% of businesses that have implemented APIs in their business systems have experienced security incidents, breaches or cyber-attacks.

An article about the fact that APIs are here to stay and how you should get in front of them and start securing them.

Finally, an article about OpenAPI, which provides the human- and machine-readable contract that defines what each version of your digital resource or capability does.

API Brief #8: API penetration testing checklist, Don’t organize APIs against ownership, Shadow APIs require a search light of discovery

This week, we have an article on API penetration testing, the process of testing the security of an API by attempting to exploit vulnerabilities in it. The goal is to find any security flaws that could be used by hackers and fix them before they can be used. There is no single checklist for performing API penetration testing, as the process will vary depending on the specific API and its security vulnerabilities. However, there are some common steps that should be included in any API penetration testing process.

Shadow APIs require a search light of discovery. At breakneck speed, APIs from many sources are being adopted across most organizations. APIs are now at the core of the expanding digital business economy, and they are here to stay.

Finally, it doesn’t matter how APIs are organized, in layers, by business domain or along any other dimension, if you don’t take care of the most important one. The one dimension that rules them all: ownership.

API Brief #7: Advanced tech to defend API hacking is now readily available to SMBs, Spring4shell and how to protect yourself, RapidAPI collected 150M to help companies

This week, we have a comprehensive article on Spring Boot, the most popular Java framework for creating server-side apps, which appears to be vulnerable to RCE. The vulnerability was found after a set of tweets showing a new PoC exploit for the Java library Spring Core, immediately dubbed “Spring4Shell” by users online.

The first half of 2018 was marked by an increase in API-related data breaches, with the 10 largest companies reporting the loss of 63 million personal records. SMBs are at a disadvantage when it comes to API security because they often don’t have the same level of security resources as larger, enterprise-size businesses. The threat that API security breaches pose to enterprises should not be taken lightly.

And finally, RapidAPI has raised $150 million in a Series D round of funding. The API discovery and management platform is valued at a cool $1 billion. It helps businesses find the right APIs for their use case, connect to those APIs, and then test and monitor those APIs to ensure that they remain robust and secure.

API Brief #6: Attackers have come to love APIs as much as developers, Monetize your API using the Stripe Mongoose API, Securing partner API integrations with OAuth mTLS


Of the 21.1 billion transactions analyzed in the last half of 2021, 14 billion (70 percent) were API transactions, according to a report released by Cequence Security. Then we have an article on how a web API can create a million-dollar business; in it, you will learn how to monetize your API with a library called Stripe Mongoose API. Lastly, an article about Cloudentity, which acts as the OAuth authorization server and token issuer, based on the OAuth specifications, to govern and protect API resource requests and access.

API Brief #5: Rogue APIs VS zombie APIs, VMware Horizon servers are under active exploit, and 3 Facts About Kevin Mitnick and the Global Ghost Team


In this brief, we have an article about rogue APIs and zombie APIs. Right after, we have an article about the security firm SentinelOne and a threat group it has dubbed TunnelVision. The name is meant to emphasize TunnelVision’s heavy reliance on tunneling tools. In the past, TunnelVision has exploited so-called “1-day” vulnerabilities. And finally, a story about Kevin Mitnick, who is a trusted security consultant to Fortune 500 companies and governments worldwide.

API Brief #4: What is Product Claims Testing, Detecting Breaking Changes Across API Versions, and three questions to ensure API security


There is also an excellent article on product claims testing. Product claims testing, or product testing, has been around for decades to help organizations avoid potential lawsuits. A product test will show whether the product they’re looking at provides value or if there is an alternative in the market that might . API governance is still very much mired in the design phase of its evolution. Optic-ci allows you to detect breaking changes in the CI/CD pipeline using its open source approach to API governance. Finally, we have an article reporting that over a quarter of businesses have doubled API usage in the past year, 5% say they have more than tripled their API use, and traditional tools fail to protect against the plethora of new threats associated with ultra-modern APIs.

API Brief #3: Millions of WordPress sites get forced update to patch critical plugin flaw, Most QNAP NAS Devices Affected by Dirty Pipe Linux Flaw, OWASP Foundation and AppSec Phoenix Announce Member Benefit

OWASP Foundation and AppSec Phoenix Announce Member Benefit

First, we have an interesting read: millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. Next, we have an article on the “Dirty Pipe” Linux kernel flaw, a high-severity vulnerability that grants root access to unprivileged users who have local access. QNAP said that, as of yesterday, there was no mitigation available. Lastly, OWASP Foundation and AppSec Phoenix announce a member benefit.

API Brief #2: Coinbase API vulnerability bug, Dirty Pipe Privilege Escalation Vulnerability in Linux, Linux has been bitten by its most high-severity vulnerability in years

Coinbase API vulnerability bug

A great, fast read about the Coinbase API vulnerability bug. API Mike blogged that Coinbase halted all trading and withdrawals while it investigated the issue. The bug has since been fixed, and the exchange has resumed trading. This bug is just the latest in a long line of cryptocurrency exchange hacks. In the future, as cryptocurrency becomes more mainstream, we can expect more secure exchanges and more secure wallets. But for now, we have to be careful and vigilant about where we store our cryptocurrency. The hacks are a reminder that cryptocurrency is still very new and that safety is very important.