Continuous Contextual Authentication: Cybersecurity and Identity Converge in a Hybrid-cloud World

Authentication and authorization are broken. As an industry we’ve known this for a long time and the notion routinely emerges as “death of the password.”  One might blame it on the definitions of the words: Authentication: the pr…

Getting Started API Penetration Testing with Insomnia

In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the client for testing RESTful service APIs. Insomnia is an MIT-licensed open source alternative to Postman. Its commercial maintainer, Kong, is best known …

The 2020 Cyberthreat Defense Report: Simplify Security with Unified Tools and Monitoring

The CyberEdge Group’s recently released 2020 Cyberthreat Defense Report (CDR) details findings based on a survey of 1200 security IT professionals from around the globe. Although multiple key takeaways emerged from analyzing their perceptions and…

Most credential abuse attacks against the financial sector targeted APIs

From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against th…

Three API security risks in the wake of the Facebook breach

Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted in the theft of 30 million authentication tokens and almost as much personall…

State-sponsored actors may have abused Twitter API to de-anonymize users

A Twitter API that’s intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to phone numbers and potentially de-anonymize certain users. How did it happen? …

Security pitfalls to avoid when programming using an API

OWASP’s API Security Project has released the first edition of its top 10 list of API security risks. The most common and perilous API security risks API abuse is an ongoing problem and is expected to escalate in the coming years, as the number o…

Transact with trust: Improving efficiencies and securing data with APIs

Developments in integration and APIs have provided businesses with huge benefits. Together, they provide businesses with newfound opportunity to unlock new revenue sources by making data more accessible rather than being stacked disparately at the edge…

CloudVector Unveils Platform for Securing APIs

CloudVector today launched a namesake platform designed from the ground up to make it easier to discover application programming interfaces (APIs) and then secure them. The company formerly known as ArecaBay also announced it has appointed Ravi Khatod…

Breaking Down the OWASP API Security Top 10 (Part 1)

As a result of a broadening threat landscape and the ever-increasing usage of APIs, the OWASP API Security Top 10 Project was launched. From the start, the project was designed to help organizations, developers, and application security teams become mo…