SAST tools are not designed for API-centric applications and therefore have a higher false positive rate.

API Security Testing is more complex than SAST SAST works by examining the source code of an application to determine where it may be vulnerable to external attack, but this does not take into accoun ...

Continue Reading
SAST tools are not designed for the unique data flow of APIs SAST is too slow to be effective on API-centric applications The second problem with SAST is that it’s just too slow.

The typical approach to a web application vulnerability assessment involves scanning the codebase, creating a model and then running this against an automated scanner such as Burp Suite or ZAP. This p ...

Continue Reading
The API-University book series is a collection of books that teach you how to design, build and manage APIs.

The first volume, "API Design" teaches you the basics of designing APIs for your business or startup. tl;dr: The second volume, "API Security" teaches you about the most critical security risks in AP ...

Continue Reading
API security has often been a blind spot for enterprises.

In fact, it’s very common to see unauthenticated APIs. From incidents like mHealth APPs, Panera bread, Fiserv, LifeLock, Kay Jewelers and several others API security had remained a crucial factor. T ...

Continue Reading
I made a thing that lets you see what’s in your browser history.

I've been thinking about this for a while, but I finally got around to making it last week. It was inspired by the "What Happened" feature on Facebook, which shows you all of the posts and photos that ...

Continue Reading
API security testing is similar to functional API testing.

You can use the same tools and techniques for both, but you should also include negative tests in your test setup. OWASP Top Ten Security Issues For APIs Let's now look at each of the top ten OWASP ...

Continue Reading
SAST tools are not designed for API-centric applications.

API Security Testing is a “Black Box” Problem The second problem with SAST is that it only provides information about the vulnerabilities in an application, and does not provide any insight into ho ...

Continue Reading
I’m a big fan of the show, but I think it’s time for me to move on.

I've been watching The Walking Dead since season 2. It was my favorite show at the time and remains one of my favorites today. However, I feel like it's finally reached its peak in terms of quality an ...

Continue Reading

Back to Main

Subscribe for the latest news: