The benefits and the security impact of API adoption   Opening Statement APIs or Application Programming Interfaces have become the beating heart that enables digital innovation, with organizations already benefitting from the efficiency and interoperability that they provide. This is particularly true in the Legal industry where APIs have become critical in the facilitation of large data flows. Due to the nature of the data, safeguarding this information is of paramount importance. In this blog I’ll delve into the importance of API security within the legal industry and why it’s a no lon ..read more

Blending Innovation, Industry Standards & the OWASP/NIST frameworks In the dynamic landscape of cybersecurity, where threats are increasingly sophisticated, the need for a robust, detailed risk assessment strategy has never been more crucial. Today, we pull back the curtain on how Wib, an industry innovator in the API security field, delivers continuous risk assessment, focusing on its unique Risk Score system and its alignment to OWASP and NIST industry standards frameworks. Decoding Wib’s Risk Score system for API endpoints API endpoints, the gateways that allow communication between dif ..read more

The Open Web Application Security Project (OWASP) is a non-profit organization committed to improving the security of software. One of its well-known contributions is the OWASP API Security Top 10, a regularly updated, standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to APIs. Let’s dive into the changes introduced in the new 2023 list. Changes in the OWASP API Security Top 10 2023 Before we dive into the details, let’s look at the changes in the OWASP API Security Top 10 list from 2019 to 2023: 2 ..read more

Overcoming security challenges across the API lifecycle Security sometimes feels like an afterthought for applications projects, resulting in security measures being introduced late in the process. This can lead to two significant challenges. First, developers may have to rewrite and restructure the codebase to meet security requirements, which can cause costly delays. Second, security vulnerabilities that are detected late may result in security breaches and expose the organization to a longer exposure window. In this blog, we’ll discuss the ways Wib’s advanced API security solution can help ..read more

As more companies adopt microservice architectures, APIs (application programming interfaces) have become crucial for communication between services. However, this increased usage also presents security risks, particularly in the form of Shadow and Zombie APIs. If you’re wondering what these are and why they matter, we will discuss these two API types, their potential threats, and why it’s important for organizations to be aware of them. by Refael Lachmish    What are Shadow and Zombie APIs? First, let’s define these spooky terms. Shadow APIs are APIs that exist within an organizatio ..read more

Staying ahead of the game-changing transformation from monolithic to microservices architecture By Yonathan Michaeli   It’s often said that API security is different and presents new challenges. However, the way to protect your APIs relies on old and proven principles. In this post we look in detail at how to adopt API security in line with the Cybersecurity Framework of NIST (National Institute of Standards and Technology, a US government agency). Reconciling ‘opening up’ with ‘shutting down’ We are now witnessing the increasing power and impact of APIs within businesses being compounded ..read more

Separate the signal from the noise by Sapir Hajaj Organizations invest in various security programs and tools to effectively manage security threats in today’s digital world. However, having too many tools can create a lot of noise and increase complexity, making it difficult to identify and respond to real threats. This is particularly evident in API security, where API context factors such as business function, API relationships, and data sensitivity make it very challenging to prioritize treatment optimally. In this post, we examine how organizations struggling to manage issues from detecti ..read more

The API Economy Application Programming Interfaces (API) are functions and resources that allow applications to interact with each other. APIs, often described as machine-to-machine interfaces, include libraries, frameworks, toolkits, and software development kits. APIs are driving the Internet and our economy. You use an API every time you enter an app like Instagram, send a message, or check your email. APIs enable smooth data exchange. In addition, APIs make it simple for developers to add new functionality to their apps. Rather than constructing a product from scratch, a developer can use ..read more

Introduction Coinbase is the world’s largest cryptocurrency exchange. In Feb 2022, a bug in Coinbase’s API allowed an attacker to trick Coinbase into selling coins the attacker did not have. This API security issue allowed attackers to effectively print crypto money by selling, for example, Bitcoins they did not have on Coinbase – in exchange for USD. Thankfully for Coinbase and the entire crypto market, the attacker that found this hack put on his white hat and disclosed the issue to Coinbase. It’s hard to overstate the amount of damage this API security bug could have caused to Coinbase had ..read more

Introduction APIs expose application functionality as well as sensitive data such as Personally Identifiable Information (PII), making them a target for attackers. APIs provide a contract, but they lack the necessary safeguards to ensure that the contract is followed, providing a significant security risk to the backend services to which they connect. The increase of API-related security threats in recent years has prompted the Open Web Application Security Project (OWASP) to release the API Security Top 10, which helps raise awareness of the most serious API security issues affecting organiza ..read more