Akamai Acquires Noname Security: A Boon for API Security?
API Academy
by Bill Oakes, CISSP
1w ago
The API security landscape witnessed a significant shift recently with the announcement of the acquisition of Noname Security by content delivery network (CDN) giant Akamai Technologies. This move has generated excitement within the industry, but has also raised questions about its impact on both Noname and the broader API security market. Let’s delve into the details of the acquisition and explore its potential ramifications. About Noname Security Noname Security was founded in 2020 by Oz Golan and Shay Levi. While headquartered in Palo Alto, CA, it has strong Israeli roots, with much of t ..read more
The Double-Edged Sword: Ramifications of AI for the Enterprise in a Good and Bad Actor Landscape
API Academy
by Bill Oakes, CISSP
1M ago
As I pointed out in my last blog on Artificial intelligence (AI), it is rapidly transforming the business landscape. From automating mundane tasks to optimizing processes and generating valuable insights, AI promises a future filled with efficiency and innovation. However, as with any powerful technology, AI presents a double-edged sword – for both security architects and business leaders. We explored the ramifications and mitigations for security architects in the blog referenced above. This time, for business leaders, understanding the potential ramifications, both positive and negative, ass ..read more
Running API Management in Containers: Rebooting Agility and Efficiency for Enterprise Architects
API Academy
by Bill Oakes, CISSP
2M ago
The landscape of application development is shifting rapidly, driven by the ever-increasing adoption of cloud-native technologies like containers and Kubernetes. Progressive enterprises are leading the charge in this transformation, recognizing the immense value these technologies offer in terms of agility, scalability, and operational efficiency. One crucial area where this shift is playing out is in API management. Traditionally, API management platforms have been deployed on dedicated infrastructure, leading to rigid deployments, slow scaling, and cumbersome management. However, by embracin ..read more
Reducing the Risk of Cryptographic Failures
API Academy
by Balaji Radhakrishnan, PMP, CISSP
5M ago
Considered the “first line of defense against emerging threats, encryption protects everything we do online, from web browsing to messaging, and plays a critical role in helping organizations meet government and state data security and privacy regulations, from General Data Protection Regulation (GDPR) in Europe to the California Privacy Rights Act (CPRA) in the U.S. Encryption not only serves as a business-enabler tool, but also as the foundation for our digital society. As a result, it’s critical that we continue to implement modern encryption tools and processes to protect against cryptogra ..read more
The Evolution to a Multi-Cloud API Strategy
API Academy
by Bill Oakes, CISSP
6M ago
The cloud computing market has grown rapidly in recent years, and with it, the number of organizations adopting a cloud-based IT infrastructure. In the early days of cloud computing, most organizations adopted a single-cloud strategy, meaning they used the services of a single cloud provider for all of their cloud needs. However, in recent years, there has been a growing trend towards multi-cloud adoption, meaning organizations use the services of multiple cloud providers. There are a number of factors driving the evolution from single cloud to multi-cloud. One of these is the increasing avail ..read more
Generative AI and its Impact on API Security
API Academy
by Bill Oakes, CISSP
7M ago
Generative AI is a type of artificial intelligence that can create new content, such as text, code, images, and music. It is trained on massive datasets of existing content, and then learns to generate new content that is similar to the training data. With this capability, generative AI has the potential to revolutionize many industries, including software development, marketing, and entertainment. However, it also poses new security risks, especially for APIs. How Generative AI can be used to attack APIs. There are a number of ways that generative AI can be used maliciously. Fo ..read more
Emerging Protocols and Security
API Academy
by Bill Oakes, CISSP
7M ago
In the past few years, there has been a growing interest in emerging protocols such as GraphQL and gRPC. These protocols offer a number of advantages over traditional REST APIs, such as improved performance, scalability, and flexibility. As a result, they are increasingly being adopted by enterprise architects for a variety of use cases. What is GraphQL? GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. It allows clients to ask for exactly the data they need, without having to know about the underlying data structures. This makes it a more ..read more
OWASP API Security Risks: What’s Ahead
API Academy
by Balaji Radhakrishnan, PMP, CISSP
8M ago
In the first two articles in this three-part series, we examined the top risks on the 2023 OWASP Top 10 API Security Risks list. In this article, we’ll discuss what future lists may – or should – include and how enterprises can best protect themselves from these evolving risks. Future API risks: What can we expect? While it is difficult to predict what future OWASP API Security Risks lists will include, I’m certain that both broken authentication and broken authorization, which both topped the 2019 and 2023 lists, will never go away. They remain constant security challenges. Another risk that made ..read more
2023 OWASP Top Ten API Security Risks: Unrestricted Resource Consumption, Unrestricted Access to Sensitive Business Flows and Security Misconfiguration
API Academy
by Balaji Radhakrishnan, PMP, CISSP
8M ago
APIs matter. Not only are they fueling digital transformation, these application building blocks are increasingly playing a key role in our economy. According to Postman’s 2023 State of the API report, “almost two-thirds of respondents said their APIs generate revenue. Of those respondents, 43% said APIs generate over a quarter of company revenue.” Yet this growing corporate attack surface is not without risk. In the first article in our three-part series on OWASP Top 10 API Security Risks, we examined the top three risks on the 2023 list:  Broken Object Level Authorization, Broken Authen ..read more
Crank-Up Your API Security with Sender-Constrained API Tokens
API Academy
by Francois Lascelles
8M ago
The average API provider has not prioritized the implementation of good API security because API security is misunderstood, and good security in general is not easy. Sometimes, the perceived cost is greater than the perceived risk. As a result, many organizations are at an increased level of vulnerability to cyber attacks. When API security is too ‘basic’, attackers find their way through, in particular by phishing users and finding leaked credentials. Bearer tokens are practical but dangerous Basic bearer-style OAuth tokens are in common use because they are practical. But when they leak, are st ..read more