With the rise of AI agents, many organizations want to expose information that differentiates their business. Doing so has several potential business benefits: attracting new parties at internet scale, monetizing those connections, and enabling new and dynamic user experiences. APIs expose data to the outside world and support many types of clients, like web or ...| Nordic APIs
Mobile apps are more exposed than web apps. Learn layered strategies to secure secrets, block MitM attacks, and stop bot farms.| Nordic APIs
As the AI threat landscape evolves daily, certain LLM vulnerabilities pose significant risks to enterprise operations.| Help Net Security
Discover what makes Escape's agentless API discovery technology truly innovative.| Escape DAST - Application Security Blog
As AI agent ecosystems mature, the need for robust monitoring and observability has moved from “nice to have” to non-negotiable. With emerging standards like Anthropic’s Model Context Protocol (MCP) introducing context-based access to models, developers and operators are gaining finer-grained control over agent workflows and interactions. With this increased control, however, comes the need to ...| Nordic APIs
Partner APIs play a growing role in modern architectures, enabling organizations to collaborate, integrate systems, and deliver new services faster. But these APIs live in a grey area, more exposed than internal interfaces, yet not fully public. This in-between space comes with its own set of security concerns, like overly broad access and unclear identity ...| Nordic APIs
Learn how to prevent unauthorized API access with scoped tokens, gateways, WAFs, TLS, rate limits, and input validation.| Nordic APIs
Beyond the Browser: How Unprotected Devices are Fueling the API Security Crisis When it comes to protecting critical business applications, API security is the number one concern of a stunning 71% of cybersecurity professionals at large enterprises, our data shows. One particularly alarming trend is the rise of API attacks targeting unprotected devices like gaming […]| Arkose Labs
Protecting Programmatic API Endpoints Before It's Too Late The explosive growth of APIs in your global enterprise suggests that you're probably missing a| Arkose Labs
Explore key security concerns of the Model Context Protocol (MCP) and best practices to protect your AI-agent ecosystem.| Nordic APIs
This is part three of our three-part API Threat Protection series. In part one, we talked about the modern approach to API discovery, and in part two, detecting API threats. We’ve learned that there’s a need for real-time, automated prevention measures to block API threats, and that’s the final step in the Unified API Protection […] The post API Threat Protection: Part 3 of How to Prevent API Attacks appeared first on Cequence Security.| Cequence Security
A breakdown of the top API threats in 2025 so far, and what they reveal about access control, visibility, and protecting sensitive data.| CybelAngel
In this article, we’ll explore why automated API security is essential to keep up with fast-moving deployment cycles and the evolving threat landscape. The post Why HR Tech Platforms Can No Longer Ignore API Security in a Zero-Trust World appeared first on PeopleSpheres.| PeopleSpheres
Monitor MCP server security and agent behavior with Moesif. Detect misuse, set alerts, and gain visibility into Model Context Protocol traffic.| Monitoring MCP Security and Agent Behavior with Moesif | Moesif Blog
Struggling with shadow APIs and compliance gaps? A complete API inventory gives you the visibility you need to reduce risk and enforce strong governance.| Cequence Security
The post Rethinking API governance with Team Topologies: A practical guide for engineering leaders appeared first on Tyk API Management.| Tyk API Management
Cequence has partnered with AWS to combine Cequence API Security and Bot Management products with AWS Web Application Firewall (WAF) and AWS Shield to offer a best-of-breed cloud WAAP. Increasingly, our customers have asked if we could provide WAF and DDoS capabilities in addition to our API security and bot management offerings, so we worked […] The post Introducing Cequence Web Application and API Protection – WAAP appeared first on Cequence Security.| Cequence Security
API compliance means complying with internal organizational governance as well as industry and regional regulations. It’s a business-critical priority, not just a technical requirement, as non-compliance can mean regulatory fines and data breaches, which can incur regulatory penalties, erode customer trust, and have a significant financial impact. API compliance is defined as how an organization […] The post What is API Compliance? Aligning Regulatory Standards with API Security appeared ...| Cequence Security
Learn how AI tools like ChatGPT can be used to improve API security across the development, testing and detection phases of the API protection lifecycle.| Cequence Security
What developers need to know about federation, regional compliance, and evolving identity protocols as sovereign clouds become law.| Nordic APIs
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card which is actually completely blank. Of course, this being Doctor Who, the card is really made out of a special “psychic paper”, which causes the person looking at it […]| Neil Madden
In “Towards a standard for bearer token URLs”, I described a URL scheme that can be safely used to incorporate a bearer token (such as an OAuth access token) into a URL. That blog post concentrated on the technical details of how that would work and the security properties of the scheme. But as Tim Dierks […]| Neil Madden
The healthcare industry deals with a mountain of highly sensitive data, whether it be patient health information, insurance details, or financial information – all of which are valuable to cybercriminals. Bad actors can use this information for everything from identity theft to insurance fraud. Implementing a strong API security program is critical to protect APIs […] The post API Security in Healthcare: Protecting Health Data from API Attacks appeared first on Cequence Security.| Cequence Security
Agentic AI relies on APIs. Learn why this changes everything for API security and how Cequence can help.| Cequence Security
Explore how the API Security Academy uses WebContainers for interactive Node.js lessons directly in your browser.| Escape DAST - Application Security Blog
Explore why customers prefer Escape over Burp Suite Enterprise, weigh the advantages and disadvantages of both, and determine the best fit for you.| Escape DAST - Application Security Blog
Poshmark blocked a rise in automated account takeover attempts targeting its online marketplace. API security is the solution to protect users from attacks.| Cequence Security
Discover the importance of API catalogs, their differences from API portals & gateways, and how to ensure optimal API management and security.| Escape DAST - Application Security Blog
Many of today’s hyper-connected organizations are faced with the challenge of how to detect and prevent web scraping attacks in an efficient and scalable manner. In this blog, we’ll share how a comprehensive approach involving API security and bot management can help mitigate this problem that leverages behavioral fingerprinting to continuously track sophisticated attacks, supported by […] The post How to Prevent Web Scraping Attacks and Block Malicious Bots appeared first on Cequence ...| Cequence Security
It’s here, the 18th annual Verizon 2025 Data Breach Investigations Report (DBIR) which contains a comprehensive look at the current state of cybercrime. Cybersecurity professionals around the world will soon be brewing some coffee and preparing to dig into the beautifully-written (and sometimes funny!) report, which weighs in this year at a svelte 117 pages. […] The post Verizon 2025 DBIR Review appeared first on Cequence Security.| Cequence Security
Effective API security combines domain-based and runtime API discovery for complete threat visibility. Secure your APIs before attackers exploit them.| Cequence Security
What would happen if a malicious actor managed to access your API without authorization and compromise sensitive user data? The repercussions can be horrendous. You could| Spectral
Enhance GraphQL security with input validation & sanitization. Learn about homemade middleware, directives and custom scalars for protecting APIs.| Escape DAST - Application Security Blog
Web safety matters. XSS is like sneaky bad notes, while CSRF tricks sites as if it's you. Both misuse website trust. We'll explore how they work and how to protect sites, including using CSRF tokens. Learn about online security with us!| Escape DAST - Application Security Blog
Explore our comprehensive guide to API security—why it's vital, best practices and how to get started. Discover, comply and protect with Cequence.| Cequence Security
Learn how SIM swapping can lead to serious impacts to other accounts and how Cequence can help prevent it.| Cequence Security
CIAM has emerged to help businesses secure, manage, and personalize customer identities, ensuring seamless and compliant digital experiences.| Nordic APIs
Learn about API abuse, its risks, and proactive steps to safeguard your business. Discover how tools like Treblle enhance observability and prevent API exploitation.| Treblle Blog
DAST tools (Dynamic Application Security Testing tools) scan running apps and APIs for vulnerabilities like business logic flaws or broken authentication - no source code needed. Unlike legacy tools, modern DAST supports CI/CD and reduces false positives with developer-first workflows.| Escape DAST - Application Security Blog
Discover why Escape is a better API security solution.| Escape - The API Security Blog
We are excited to announce updates to our vulnerability prioritization funnel, which will help you focus on vulnerabilities that pose a real danger to your business.| Escape - The API Security Blog
Simplify API compliance with Treblle 3.0. Stay secure, meet regulations like GDPR and CCPA, and build trust with ease.| Treblle Blog
Cross-Site Scripting (XSS) happens when attackers send malicious scripts via web apps to end users. Learn how to remediate it in GraphQL apps.| Escape - The API Security Blog
As large organizations double-down on API strategies, zombie APIs are an emerging threat. This is encouraging API discovery and governance.| Nordic APIs
The popularity of APIs has led to a rise in attack volume, with threat actors attempting to exploit any means to gain access.| Help Net Security
2024’s API breaches exposed vulnerabilities. Understand why a proactive, security-first approach is crucial to protect against evolving risks.| Treblle Blog
Explore 2024’s biggest API breaches and discover insights on preventing similar vulnerabilities to protect sensitive data and strengthen API security.| Treblle Blog
Discover why Escape is a better API security solution.| Escape - The API Security Blog
Dotpe’s unsecured API led to a massive breach, exposing sensitive data. Learn how Treblle’s API governance and security features could have prevented it and protected businesses.| Treblle Blog
Enhance your enterprise's security with expert tips on API gateway security. Learn eight essential practices to protect your API gateways.| Escape - The API Security Blog
We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.| Escape - The API Security Blog
Are you looking to make your API security program stronger? Our detailed API Security Checklist is here to help.| Escape - The API Security Blog
Our security team scanned 189.5M URLs and found more than 18,000 exposed API secrets. Discover the methodology that led us to these findings.| Escape - The API Security Blog
Explore Broken Object Level Authorization (BOLA), its implications, how it can be exploited, and how to secure your applications against it.| Escape - The API Security Blog
Discover the latest insights into the 2023 OWASP API Security Top 10, as we delve into the most critical vulnerabilities and best practices to protect your APIs.| Escape - The API Security Blog
We have been doing API Security wrong. Discover how the limitations of traffic-based API security tools might impact your security and why Escape's agentless technology is the best way to protect your APIs.| Escape - The API Security Blog
If you are a developer in the current cybersecurity climate, you already know your application’s security is paramount. But have you considered the risks associated with| Spectral
Learn how your organization can achieve PCI DSS 4.0 compliance with a Discover, Comply, Protect approach through effective API Security strategies.| Cequence Security
Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.| Escape - The API Security Blog
Since 2022, Escape's security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed insights into primary attack vectors, threat actors, tools, and techniques. The database is updated every two weeks.| Escape - The API Security Blog
Explore the limitations of current automated specification generation tools and how Escape's static analysis techniques stand out.| Escape - The API Security Blog
Sensitive customer information leaked, operations disrupted, and reputation tarnished – this is not the headline you want splashed across the internet. There’s a 76% spike in| Spectral
I was catching up on the always excellent Security. Cryptography. Whatever. podcast, and enjoyed the episode with Colm MacCárthaigh about a bunch of topics around TLS. It’s a great episode th…| Neil Madden
In this article we benchmark Escape against other DAST tools. Focusing on VAmPI and DVGA, we compare results across different API types.| Escape DAST - Application Security Blog
Dive into the complexities of securing GraphQL APIs and common vulnerabilities and learn best practices for enhancing GraphQL security.| Escape DAST - Application Security Blog
DAST is dead, discover why business logic security testing takes center stage.| Escape DAST - Application Security Blog
In this article, we'll show how we created Escape's proprietary business logic security testing algorithm and what makes it innovative.| Escape DAST - Application Security Blog
Learn why security engineers need a new approach to identify business logic flaws.| Escape DAST - Application Security Blog
Talking about the best practices and guidelines that security personnel and banks can use to help ensure the security of their APIs. The post Money Talks, Security Rocks – API Best Practices for Open Banking appeared first on API Mike.| API Mike
Cyberattacks in Australia are becoming increasingly concerning with the rise of API breaches - learn about the latest API breach in Australia. The post Map of the Australian API breach appeared first on API Mike.| API Mike
Organizations need to be aware of the risks associated with API sprawl and take steps to prevent it. Learn 9 methods of prevention. The post API sprawl – 9 methods to prevent it appeared first on API Mike.| API Mike
Discover how Escape rules are the new generation of custom security tests for your API security.| Escape DAST - Application Security Blog
Learn to manage API data securely, avoid oversharing, and protect privacy with expert insights and real-life examples.| Treblle Blog
Explore the latest insights on sensitive data exposure in 2024 and learn an effective prevention strategy for protecting your company's information.| Escape DAST - Application Security Blog
Explore major API security breaches: their causes, impacts, and key lessons to bolster API safety and prevent future vulnerabilities.| Treblle Blog
Decentralized identity is set to make a big impact on how APIs are accessed and secured. We cover a relevant recent talk from Jacob Ideskog.| Nordic APIs
Prepare for PCI DSS 4.0 compliance with our in-depth guide and protect your payment transactions with robust API security measures.| Escape DAST - Application Security Blog
Explore whether APIs introduce more security risks than benefits to SCADA systems, how hard it is to secure SCADA, and key future challenges.| Escape - The API Security Blog
Explore 2025's top API security tools: Get in-depth reviews, pros, cons, and choose the best security tool for your API security needs.| Escape - The API Security Blog
In XSS doesn’t have to be Game Over, and earlier when discussing Can you ever (safely) include credentials in a URL?, I raised the possibility of standardising a new URL scheme that safe…| Neil Madden
Proper API Security has become important to every stakeholder in large organizations, thus the need for advanced API Governance.| Treblle Blog