Issue 244: Threats to enterprises in the cloud, looming threats to APIs, API SDK generation tools
API Security
by Mark Dolan
1w ago
This week, we have articles on the threats to enterprises in the cloud and another on the looming threats to APIs. We also examine the challenges posed by API threats in the utility and energy sectors. We also have technical articles on using AI to hack the crAPI vulnerable API and how to generate SDKs from your API contracts. Finally, we have news on two upcoming events. Article: Security threats to enterprises in the cloud In the first article this week, Forbes discusses the various security risks companies face when moving their operations and data to the cloud. While cloud service pr ..read more
Issue 243: Economics of API attacks, understanding CORS, blocking compromised API tokens
API Security
by Mark Dolan
2w ago
This week, we have articles on the economics of API attacks, and how developers can prevent them, and how to create an API solution wishlist with developers in mind. We also have technical articles on understanding cross-origin resource sharing (CORS) for APIs and how to secure APIs by blocking compromised tokens. We also have a double-header from Dana Epp to conclude this edition. Article: The economics of API attacks First up this week are the thoughts of The New Stack on the economics of API attacks and how developers can stop these attacks. According to the author, APIs have become a prime ..read more
Issue 242: API governance to avoid tech sprawl, API security in digital transformation, AI for APIs
API Security
by Mark Dolan
1M ago
This week, we have thoughts from Bill Doerrfeld on how API governance is essential to counter technology sprawl. We also have commentary on how API security is essential in the age of digital transformation and another on why APIs are the new battleground for security. We have two articles on AI for APIs: firstly, how to use AI to find API bugs and how AI will enable APIs. Finally, we close with Dana Epp on using JS Miner to detect API endpoints and source code. Article: API governance to avoid technology sprawl The first article this week is an excellent piece from Bill Doerrfeld on how API g ..read more
Issue 241: Two critical flaws in FortiSIEM product, making public APIs private, API security strategy
API Security
by Mark Dolan
1M ago
This week, we have news of two critical vulnerabilities in the Fortinet FortiSIEM product. We also have articles on making public APIs private and building an API security strategy. Dana Epp offers his thoughts on the difference between endpoints and routes, and we have two developer-focused tutorials, one on securing gRPC and the other on Django API security best practices. Vulnerability: Two critical flaws in Fortinet FortiSIEM product This week’s main news is the further coverage of the two critical issues reported in the Fortinet FortiSIEM product courtesy of The Register. The two vulnerab ..read more
Issue 240: Spoutible API leakage, 15M Trello profiles scraped, API secret tokens leaked
API Security
by Mark Dolan
2M ago
This week, we have news of a record four API security related incidents. The first comes from Troy Hunt on a leakage on the new Spoutible social media site, with the second big ticket item being the leakage of 15 million profiles on Atlassian’s Trello. There’s also a report on the leakage of over 18,000 API tokens and the leakage of Office 365 accounts via a misconfigured server. We also feature a guide on implementing basic authentication on Spring Boot. Vulnerability: Vulnerabilities in Spoutible API The first vulnerability this week comes to us from the founder of Have I Been Pwned, Troy Hu ..read more
Issue 239: Hugging Face API token breach, SonicWall firewalls exploit, Kubernetes API gateway guide
API Security
by Mark Dolan
2M ago
This week, we have news of a recent API token breach affecting the popular Hugging Face AI portal and a vulnerability in the SonicWall firewall affecting 178,000 instances. We also have a comprehensive API security checklist and a guide on selecting the most suitable API gateway for Kubernetes environments. Finally, we have a practical guide on securing APIs using the Express framework and a pair of blogs from Dana Epp. Breach: Hugging Face AI platform exposes API tokens This week’s main news is recent research indicating large-scale leakage of API tokens on the popular Hugging Face AI p ..read more
Issue 238: APIs used to target business, cloud-native for APIs, and APIs becoming attractive targets
API Security
by Mark Dolan
3M ago
This week, we have views from Forbes on how APIs are being used to target businesses and articles on the role of cloud-native for APIs and how APIs are becoming attractive targets. We also have a doubleheader from Dana Epp covering his predictions for 2024 and structured format injection attacks. We also have news of upcoming events from 42Crunch. Article: Attackers are using APIs to target your business This week’s first article is Forbes coverage on how attackers are using APIs to target businesses. The article cites the findings of the US Securities and Exchange Commission (SEC) into a major ..read more
Issue 237: Six API trends for 2024, API keys leading to vulnerabilities, the future of API gateways
API Security
by Mark Dolan
3M ago
This week, we have a pair of doubleheaders — firstly, The New Stack on six API trends for 2024 and how API keys are leading to vulnerabilities, and then Kin Lane (aka. APIEvangelist) on the future of API gateways and why API discovery is hard. We also have an article on threat modeling for API gateways and news of 42Crunch at the API Summit in Austin. Article: Six API trends for 2024 The first article this week comes from The New Stack on their trends for APIs in 2024. API adoption and evolution continue to be a hot topic, and this article identifies some really interesting trends as the indus ..read more
Issue 236: Using a developer portal, dark data in APIs, an update on Ray AI framework, predictions for 2024
API Security
by Mark Dolan
4M ago
This week, we have an article on the value of using a developer portal for APIs, a guide from Dana Epp in finding “dark data” in an API, and an update from PortSwigger on their Web Security Academy resources for learning more about API security. We also have an update on the API vulnerabilities reported in the Ray AI framework last week and news on the latest webinar from 42Crunch. Finally, as it is the season for such things, I make a few predictions for API security in 2024. Article: Using a developer portal for APIs The first article this week comes courtesy of The New Stack and covers the ..read more
Issue 235: 25m loss at Kronos due to API key loss and three other API vulnerabilities
API Security
by Mark Dolan
4M ago
This week, we have news of four API-related security vulnerabilities, including Kronos’s $25m loss. Other vulnerabilities include a malware threat of DDoS on Docker APIs, a report on vulnerabilities on WordPress and Netflix, and an API vulnerability found in the Ray AI framework. We also have an article on why APIs are fertile ground for attackers and on protecting APIs for online retail. Breach: Kronos suffers $25m loss involving API key loss The most important news this week is the breach at the cryptocurrency fintech firm Kronos Research, who revealed in a post on X that they had suffered a ..read more
