The dark side of API security 2024-10-15 at 07:02 By Help Net Security APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security. A recent […]
React to this headline:
The dark side of API security Read More »
30% of customer-facing APIs are completely unprotected 2024-10-09 at 06:34 By Help Net Security 70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web pages that are now accessed via HTTPS, following the push for secure
React to this headline:
30% of customer-facing APIs are completely unprotected Read More »
Could APIs be the undoing of AI? 2024-09-30 at 08:01 By Help Net Security Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat
React to this headline:
Could APIs be the undoing of AI? Read More »
Cybercriminals capitalize on travel industry’s peak season 2024-08-28 at 06:31 By Help Net Security Cybercriminals are capitalizing on the travel and hospitality industry’s peak season, using increased traffic as cover for their attacks, according to Cequence Security. Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack,
React to this headline:
Cybercriminals capitalize on travel industry’s peak season Read More »
Common API security issues: From exposed secrets to unauthorized access 2024-08-19 at 06:01 By Help Net Security Despite their role in connecting applications and driving innovation, APIs often suffer from serious security vulnerabilities. Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. The
React to this headline:
Common API security issues: From exposed secrets to unauthorized access Read More »
35% of exposed API keys still active, posing major security risks 2024-08-13 at 06:01 By Help Net Security Nightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. Hidden risks of secret sprawl in cloud and SaaS
React to this headline:
35% of exposed API keys still active, posing major security risks Read More »
Overlooked essentials: API security best practices 2024-07-17 at 07:31 By Mirko Zorz In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta recommends role-based access control (RBAC) and
React to this headline:
Overlooked essentials: API security best practices Read More »
Using Authy? Beware of impending phishing attempts 2024-07-11 at 15:46 By Zeljka Zorz Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that develops the
React to this headline:
Using Authy? Beware of impending phishing attempts Read More »
Security challenges mount as as companies handle thousands of APIs 2024-06-04 at 06:31 By Help Net Security Modern applications are taking over enterprise portfolios, with apps classed as modern now making up 51% of the total, up by more than a quarter in the last year, according to F5. According to the 2024 edition of
React to this headline:
Security challenges mount as as companies handle thousands of APIs Read More »
A closer look at Apiiro’s SHINE partner program 2024-05-01 at 16:46 By Help Net Security In this Help Net Security video, Adam LaGreca, Founder of 10KMedia, sat down with John Leon, VP of Partnerships at Apiiro, discusses the company’s new technology partner program SHINE. The name stands for the program’s guiding principles – Seamless, Holistic,
React to this headline:
A closer look at Apiiro’s SHINE partner program Read More »
Damn Vulnerable RESTaurant: Open-source API service designed for learning 2024-04-17 at 07:01 By Mirko Zorz Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers, and security engineers where
React to this headline:
Damn Vulnerable RESTaurant: Open-source API service designed for learning Read More »
95% of companies face API security problems 2024-03-22 at 06:31 By Help Net Security Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent figures
React to this headline:
95% of companies face API security problems Read More »
API environments becoming hotspots for exploitation 2024-03-20 at 06:01 By Help Net Security A total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai. API integration amplifies risk exposure for enterprises APIs are at the heart of digital
React to this headline:
API environments becoming hotspots for exploitation Read More »
5 ways to keep API integrations secure 2024-03-06 at 08:20 By Help Net Security API integrations often handle sensitive data, such as employees’ personally identifiable information (PII), companies’ financial information, or even clients’ payment card data. Keeping this data safe from attackers—while ensuring that the integrations perform at the desired level—requires adopting several security measures.
React to this headline:
5 ways to keep API integrations secure Read More »
Using AI to reduce false positives in secrets scanners 2024-02-27 at 08:02 By Help Net Security As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any
React to this headline:
Using AI to reduce false positives in secrets scanners Read More »
The importance of a good API security strategy 2024-02-21 at 06:32 By Helga Labus In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption over
React to this headline:
The importance of a good API security strategy Read More »
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users 2024-02-06 at 16:33 By Helga Labus A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API Security consultant Troy Hunt has been tipped
React to this headline:
Spoutible API exposed encrypted password reset tokens, 2FA secrets of users Read More »
Researchers discover exposed API secrets, impacting major tech tokens 2024-02-05 at 07:33 By Help Net Security Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include
React to this headline:
Researchers discover exposed API secrets, impacting major tech tokens Read More »
APIs are increasingly becoming attractive targets 2024-01-11 at 06:01 By Help Net Security APIs, a technology that underpins today’s most used sites and apps, are being leveraged by businesses more than ever—ultimately opening the door to more online threats than seen before, according to Cloudflare. APIs power the digital world—our phones, smartwatches, banking systems and
React to this headline:
APIs are increasingly becoming attractive targets Read More »
Top LLM vulnerabilities and how to mitigate the associated risk 2024-01-10 at 07:31 By Help Net Security As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress should grind to a halt: Exploring AI is essential to staying competitive, meaning CISOs
React to this headline:
Top LLM vulnerabilities and how to mitigate the associated risk Read More »