API-First Strategies Require API-First Security

Editor’s note: This post was originally published in July 2021 in ToolBox.
Back in 2017, Gartner predicted that API abuse would be the most frequent attack vector for data breaches by 2022. Two years later, when exposed APIs already made up 40% o…

Guest Blog: Alissa Knight on ‘Playing with FHIR’

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight. This is the third blog in a series about the security risks exposed by the push to adopt FHIR APIs in US healthcare.

Guest Blog: Alissa Knight on ‘FHIR Walker: Authentication and Authorization in FHIR APIs’

We are delighted to be hosting some unique content from our friend and recovering hacker Alissa Knight who will be writing on the topic of healthcare API security. In the first article, Alissa provided a plain English explanation of FHIR from the …

API Keys Can Be Phished Too

We are all very aware of the issues around phishing of user credentials. But it is not only users that can be phished; apps can be too. In previous blogs we’ve shown you how you can make a MITM attack against an app…