Download this paper to start understanding the common API security flaws in major automakers. The post Analyzing API Security Flaws in Major Automakers appeared first on Traceable API Security ..read more

Traceable API Security Platform Updates – May 2024 This past month’s releases include a major update for organizations monitoring the compliance posture of their APIs: Traceable Compliance Policies and Issues. We’ve also released span filters for fine-grained targeting of API security tests, an update to our Cloudflare WAF integration, and new detection logic for credential stuffing attacks. Compliance Policies & Issues Dashboard Maintaining an accurate and up to date API inventory and strong security controls around APIs are key requirements of many organizations’ security and compliance ..read more

The Latest API Security Trends in the Financial Sector: A CISO’s Perspective As a former CISO and security executive in the financial services industry, I’ve witnessed firsthand the rapid evolution of the threat landscape and the challenges that come with securing APIs in this sector. APIs are officially the backbone of our digital world, enabling financial institutions to innovate and deliver seamless experiences to customers. However, with this growth comes a new set of security risks that we simply cannot ignore. Unveiling API Security Trends in the Financial Sector Last year, Traceable rel ..read more

PHP CGI argument Injection: (CVE-2024-4577) Researchers discovered an RCE (remote code execution) vulnerability in PHP abusing an Argument Injection vulnerability. The vulnerability (CVE-2024-4577) was assigned a CVSS score of 9.8 (Critical). The researchers coordinated with the PHP team and announced the vulnerability on June 6 2024, at the same time when PHP released fixes for the vulnerability with versions 8.3.8, 8.2.20, and 8.1.29.  Affected Versions:  This vulnerability affects all versions of PHP installed on the Windows operating system. Please refer to the table below for de ..read more

Traceable Co-founder Reveals Key Drivers Behind the Company’s Rapid Growth In a recent interview with the NYSE at the RSA Conference 2024, Traceable co-founder and CTO Sanjay Nagaraj provided a deep dive into the factors fueling the company’s remarkable success since its launch in 2018. Nagaraj began by highlighting Traceable’s impressive funding achievements, sharing that the company has now raised a total of $110 million, including the recent $30 million strategic funding round. However, he was quick to emphasize that the surge in demand for Traceable’s solutions is driven by much more than ..read more

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context When it comes to understanding application risk and detecting sophisticated threats targeting applications, context is king. Traceable is purpose-built to provide the most complete security context on APIs by capturing, correlating, and analyzing every API transaction. By partnering with Wiz, we further extend our data advantage with cloud security context, powering higher-fidelity threat detection and risk based prioritization for cloud native applications. We announced the first phase of our integration last ..read more

The State of API Security at RSA 2024: Alarming Trends and Insights Another RSA Conference has come and gone, but the insights gathered from our second annual survey of over 125 cybersecurity professionals has left a lasting impact.  The message is clear: organizations continue to struggle to keep up with the growing challenges of API security.  For years now, APIs have been the foundation upon which modern applications are built, enabling the seamless flow of data and functionality across systems. They have become the connective tissue that binds together disparate services, platfor ..read more

Airing Dirty Laundry: How API Flaws Allowed Students to do their Laundry for Free Many consumers are big fans of smart appliances and toys for their ease of use and integration into their smart home setups. It is very alluring to be able to pull up an app on your phone to turn on the lights or heat up your oven. APIs often power these features that consumers have come to enjoy. However, whenever you can remotely access your smart device, there is always a chance that someone else can too if the manufacturer has not implemented proper security measures. Tech-savvy consumers may also figure out ..read more

The Confluence Of Fraud Prevention and AppSec Through API Security APIs have become the primary way applications exchange data amongst each other. The origins of API security lie in the birth of the modern internet and the rise of web applications. As these applications used APIs for communication, concerns around unauthorized access and abuse of these interfaces began to emerge. The early 2000s saw increased focus on web application security through standards like OWASP that drove awareness around API vulnerabilities. High-profile data breaches tied directly to API vulnerabilities, such as th ..read more

Traceable API Security Platform Updates – May 2024 This past month’s releases include a major update for organizations monitoring the compliance posture of their APIs: Traceable Compliance Policies and Issues. We’ve also released span filters for fine-grained targeting of API security tests, an update to our Cloudflare WAF integration, and new detection logic for credential stuffing attacks. Compliance Policies & Issues Dashboard Maintaining an accurate and up to date API inventory and strong security controls around APIs are key requirements of many organizations’ security and compliance ..read more