API Security Archives

Emerging Protocols and Security

By Bill Oakes, CISSPPosted on September 25, 2023September 25, 2023

In his latest blog, Bill takes a look at a few of the emerging API protocols and their impact on enterprise security models – with a few pointers for mitigating those concerns.

OWASP API Security Risks: What’s Ahead

By Balaji Radhakrishnan, PMP, CISSPPosted on September 18, 2023September 18, 2023

In this final blog in his series on OWASP API Security Top Ten, Bala takes a look at what’s likely ahead for API and application developers.

2023 OWASP Top Ten API Security Risks: Unrestricted Resource Consumption, Unrestricted Access to Sensitive Business Flows and Security Misconfiguration

By Balaji Radhakrishnan, PMP, CISSPPosted on September 11, 2023September 26, 2023

In part two of this series on the updated OWASP Top Ten API Security risks, Bala examines three more of the Top Ten: Unrestricted Resource Consumption, Unrestricted Access to Sensitive Business Flows and Security Misconfiguration.

Crank-Up Your API Security with Sender-Constrained API Tokens

By Francois LascellesPosted on September 6, 2023September 6, 2023

In his latest blog, Francois takes a look at the API security best practice of sender-constraints and how to apply it to improve your overall security posture.

2023 OWASP Top 10 API Security Risks: Broken Authorization and Authentication

By Balaji Radhakrishnan, PMP, CISSPPosted on August 28, 2023August 28, 2023

In this first piece of our three-part series, we’ll examine the top three risks on the 2023 list: Broken Object Level Authorization, Broken Authentication and Broken Object Property Level Authorization.

The Open Web Application Security Project

By Bill Oakes, CISSPPosted on August 21, 2023August 21, 2023

This blog reviews the OWASP, the Top Ten and API Security Top Ten, and opens the door for an upcoming series on the latter two.

API Security – Who is your Provider?

By Balaji Radhakrishnan, PMP, CISSPPosted on June 29, 2023June 29, 2023

In his latest blog, Bala discusses the fundamentals of API security and what to look for with your API security provider.

API Protection using In-memory Data Service

By Balaji Radhakrishnan, PMP, CISSPPosted on May 10, 2023May 10, 2023

In today’s digital ecosystem, enterprises are monetizing their valuable digital assets byconverting and exposing them as APIs. While APIs are building blocks of a digitalecosystem, exposing them to the outside world effectively and securely is key for theirsuccess. This business strategy accomplishment (exchange of information and creatingan ecosystem, etc.,) is dependent on an API management […]

API Security – Today’s Virtual Moat

By Bill Oakes, CISSPPosted on March 28, 2023May 10, 2023

This blog takes a look at medieval methods to secure the castle – and how those methods actually translate directly to how modern enterprises protect their resources.

OAuth mTLS – Added Security Challenges

By Adam DuVanderPosted on November 30, 2022November 30, 2022

This latest article in a series discusses the additional security issues that arise when using mTLS, and how to mitigate those issues by combining mTLS with OAuth.