Discover our new enterprise product features like Single Sign-On (SSO), Role-Based Access Control (RBAC), Audit logs, and SLA status page.| Escape DAST - Application Security Blog
Discover our latest product updates: support for Insomnia collections, WP-JSON schema, and additional business logic security tests. Plus you can now fully benefit from Escape's public API.| Escape DAST - Application Security Blog
tl;dr we scanned 6056+ public APIs on the internet with our in-house feedback-driven exploration tech and ranked them using security, performance, reliability, and design criteria. We decided to analyze the resulting data and produce a full-featured report: The State of Public APIs 2023. Why build this report?| Escape DAST - Application Security Blog
REST API business logic security testing is available to all Escape users. Scan your REST endpoints and get your full vulnerability assessment| Escape DAST - Application Security Blog
Escape launches the first Asset Inventory and Attack Surface Management solution for GraphQL APIs with its new API Catalog feature.| Escape DAST - Application Security Blog
Many SaaS startups fail to understand the importance of the EU’s new set of rules concerning their citizens' personal data, and some paid a hefty price. Read along to understand the what, why and how of GDPR compliance.| Escape DAST - Application Security Blog
DevSecOps aims to integrate security into the development process. It can be hard to know where to start. In this article, learn the best practices to implement DevSecOps in your engineering teams.| Escape DAST - Application Security Blog
This last part of the DevSecOps 101 series shows you how to scan your Docker images using Trivy, an open-source security scanner to find misconfigurations and vulnerabilities.| Escape DAST - Application Security Blog
In this tutorial, we will learn how to detect and fix vulnerable Python code using Semgrep.| Escape DAST - Application Security Blog
Escape introduces GraphQL compliance automation: align your APIs with OWASP, PCI-DSS, CWE, and HIPAA standards using automated checks and reports.| Escape DAST - Application Security Blog
Explore the API Security Academy under the hood. Learn how hands-on lessons are built with WebContainers and contribute to open-source API security training.| Escape DAST - Application Security Blog
Explore common API attacks, understand their significant risks, and learn how to prevent them.| Escape DAST - Application Security Blog
Explore the top automated pentesting tools of 2025. Learn how modern platforms detect business logic flaws, deliver true positives, and scale continuous security testing, so security teams can replace manual pentests with faster, more accurate coverage.| Escape DAST - Application Security Blog
Learn GraphQL pentesting through real interaction examples. Discover how to detect SSRF payloads, stack traces, and multipath evaluation flaws.| Escape DAST - Application Security Blog
Learn advanced GraphQL pentesting with real CVEs. Discover how recursive fragments caused DoS and how Escape uncovered vulnerabilities.| Escape DAST - Application Security Blog
This article is part of the series "Pentesting GraphQL 101". 1. Pentesting GraphQL 101 Part 1 - Discovery 2. Pentesting GraphQL 101 Part 2 - Interaction 3. Pentesting GraphQL 101 Part 3 - Exploitation Exploitation or finding vulnerabilities might not be the most crucial step in a typical pentesting process.| Escape DAST - Application Security Blog
Learn GraphQL discovery in pentesting. From introspection to schema mapping, see how attackers explore GraphQL APIs and how to secure them.| Escape DAST - Application Security Blog
Learn how to automate your penetration testing, save time, reduce costs, and achieve business logic testing without human-in-the-loop.| Escape DAST - Application Security Blog
You can now test the security of persisted GraphQL Queries with Escape's platform. This new capability enhances our GraphQL API security testing| Escape DAST - Application Security Blog
Check out Escape's new product features, including compliance customization, CSV exports, and prioritization updates for enhanced security.| Escape DAST - Application Security Blog
Welcome to the first episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.| Escape DAST - Application Security Blog
Discover the role of APIs in the financial sector, and how API discovery ensures security, compliance, and efficiency in financial services.| Escape DAST - Application Security Blog
Discover what makes Escape's agentless API discovery technology truly innovative.| Escape DAST - Application Security Blog
tl;dr we scanned 6031+ public APIs on the internet with our in-house feedback-driven exploration tech and ranked them using security, performance, reliability, and design criteria. The results are public on APIrank.dev. You can also request to index your own API for free and see how it compares| Escape DAST - Application Security Blog
Improve the security of your GraphQL API with Escape and Postman. Are you tired of dealing with pesky API vulnerabilities? Want to take your GraphQL game to the next level? Introducing the perfect combo for GraphQL success - Escape and Postman. Escape is a tool that helps developers automatically and| Escape DAST - Application Security Blog
Escape expanded into front-end web app and single-page application (SPA) security testing. Help us build a better DAST by joining the closed beta.| Escape DAST - Application Security Blog
We’re thrilled to introduce Escape’s advanced Jira integration! Bridging the gap between security and development has never been easier.| Escape DAST - Application Security Blog
Discover the importance of API catalogs, their differences from API portals & gateways, and how to ensure optimal API management and security.| Escape DAST - Application Security Blog
Learn how to test GraphQL with Postman, the go-to tool for querying APIs, and quickly start sending requests and testing your GraphQL endpoints.| Escape DAST - Application Security Blog
Explore how Bright Security differs from Escape, weigh the advantages and disadvantages of both, and determine the best fit for your company.| Escape DAST - Application Security Blog
Introduction: Automating the audit of APIs is a very hard problem: we want to dynamically evaluate those APIs' security, performance, and reliability. But APIs take parameters that are tightly coupled to the underlying business logic. We need a way to know what sequences of requests to send, with what parameters,| Escape DAST - Application Security Blog
Discover a Golang-based tool developed at Escape for GraphQL endpoint discovery and fingerprinting, enhancing API security. Available on GitHub.| Escape DAST - Application Security Blog
A new technology partnership enables mutual customers to gain full cloud and application context, establish clear ownership, and accelerate the remediation of critical risks.| Escape DAST - Application Security Blog
Enhance GraphQL security with input validation & sanitization. Learn about homemade middleware, directives and custom scalars for protecting APIs.| Escape DAST - Application Security Blog
Web safety matters. XSS is like sneaky bad notes, while CSRF tricks sites as if it's you. Both misuse website trust. We'll explore how they work and how to protect sites, including using CSRF tokens. Learn about online security with us!| Escape DAST - Application Security Blog
Confusion between authentication and authorization causes data leaks. Learn the difference and how to implement the right access control pattern in your GraphQL API.| Escape DAST - Application Security Blog
Discover the benefits of combining SAST and DAST in application security. Watch the webinar recap with experts Tristan Kalos and Amit Bismut.| Escape - The API Security Blog
Discover| Escape DAST - Application Security Blog
And a deep dive into how the state of DAST is changing.| Escape - The API Security Blog
DAST tools (Dynamic Application Security Testing tools) scan running apps and APIs for vulnerabilities like business logic flaws or broken authentication - no source code needed. Unlike legacy tools, modern DAST supports CI/CD and reduces false positives with developer-first workflows.| Escape DAST - Application Security Blog
The main argument for disabling introspection is that it can be a security risk. Learn why disabling introspection in GraphQL may not be necessary.| Escape - The API Security Blog
For several days now, your users have been complaining about losing access to your web service. If at first you thought it was a simple coincidence and certainly a fault of the users, the incident starts to be strongly repeated and noticed. You rush to your monitors and notice an| Escape - The API Security Blog
Managing GraphQL errors can be quite a challenging task, and we tried a lot of different approaches over time. Keep reading to know what we've learned along the way.| Escape - The API Security Blog
Discover why Escape is a better API security solution.| Escape - The API Security Blog
We are excited to announce updates to our vulnerability prioritization funnel, which will help you focus on vulnerabilities that pose a real danger to your business.| Escape - The API Security Blog
Explore how you can prevent data breaches in GraphQL. Learn to manage sensitive data effectively with robust access control.| Escape - The API Security Blog
Insecure Direct Object References (IDOR) are common security vulnerabilities. Discover IDOR real-life examples and best practices for GraphQL API| Escape - The API Security Blog
GraphQL aliasing is a powerful feature. But with great power comes great vulnerability: batch attacks and DoS. In this post, we explain how it works and how to remediate it in your GraphQL API.| Escape - The API Security Blog
The relational aspect of GraphQL can be a vulnerability exploited by running deep and cyclic queries causing your API to crawl under the load and crash. That's a Denial of Service. Learn how it works and how you can protect your API!| Escape - The API Security Blog
Cross-Site Scripting (XSS) happens when attackers send malicious scripts via web apps to end users. Learn how to remediate it in GraphQL apps.| Escape - The API Security Blog
We at Escape have been scanning GraphQL APIs for vulnerabilities for more than two years. In this post, we will share the most common GraphQL vulnerabilities, affecting close to all GraphQL APIs we have scanned. We strongly recommend you check your GraphQL APIs for these vulnerabilities.| Escape - The API Security Blog
Discover the challenges Thinkific faced and how they achieved enterprise-grade GraphQL security with Escape.| Escape - The API Security Blog
Enhance your enterprise's security with expert tips on API gateway security. Learn eight essential practices to protect your API gateways.| Escape - The API Security Blog
Testing your GraphQL API is critical to ensure that your software's business logic is running as expected. Tests will reveal bugs and vulnerabilities before they make it to production. In this tutorial, we go through the practical steps to write unit and integration tests for your GraphQL API.| Escape - The API Security Blog
GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐| Escape - The API Security Blog
We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.| Escape - The API Security Blog
Are you looking to make your API security program stronger? Our detailed API Security Checklist is here to help.| Escape - The API Security Blog
Today, we’re finally unveiling new capabilities of Escape - agentless discovery and inventory of APIs within their specific business context.| Escape - The API Security Blog
Discover our in-depth guide on application security audits, systematic evaluations conducted to assess the security posture of applications.| Escape - The API Security Blog
Our security team scanned 189.5M URLs and found more than 18,000 exposed API secrets. Discover the methodology that led us to these findings.| Escape - The API Security Blog
Learn how to automatically generate static API specifications from API codebases for Continuous Security Testing (CT)| Escape - The API Security Blog
Explore Broken Object Level Authorization (BOLA), its implications, how it can be exploited, and how to secure your applications against it.| Escape - The API Security Blog
You receive a call in the middle of the night from the SRE team: All production data has been deleted from your company's various relational databases. Many of the company's internal services are therefore down. You absolutely need to fix the problem immediately and identify the problem. Once you log| Escape - The API Security Blog
Discover the latest insights into the 2023 OWASP API Security Top 10, as we delve into the most critical vulnerabilities and best practices to protect your APIs.| Escape - The API Security Blog
We have been doing API Security wrong. Discover how the limitations of traffic-based API security tools might impact your security and why Escape's agentless technology is the best way to protect your APIs.| Escape - The API Security Blog
DevSecOps tutorial: Learn hands-on techniques for securing your apps through vulnerability scanning with Nuclei and ensure robust security| Escape - The API Security Blog
Learn to detect and avoid vulnerable dependencies in app development with Software Composition Analysis (SCA) using a voluntarily vulnerable Python app.| Escape - The API Security Blog
Understand main Shadow API risks, and discover powerful strategies to curb Shadow API sprawl effectively.| Escape DAST - Application Security Blog
Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.| Escape DAST - Application Security Blog
With our new Compliance Matrix feature, it takes just a few simple steps to get full visibility into your organization's compliance posture across all applications.| Escape DAST - Application Security Blog
Uncover API discovery's vital role in cybersecurity. Learn about automated vs. manual API discovery and how API Inventory tools can help.| Escape DAST - Application Security Blog
Discover how Shine, an online banking service for professionals, enhanced API security. Explore their challenges and the transformative impact of Escape.| Escape DAST - Application Security Blog
Discover how Lightspeed, the unified point of sale and payments platform, maintains security compliance, and explore its API security challenges.| Escape DAST - Application Security Blog
Since 2022, Escape's security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed insights into primary attack vectors, threat actors, tools, and techniques. The database is updated every two weeks.| Escape - The API Security Blog
We are excited to introduce our latest feature: automated schema generation for all your discovered APIs.| Escape - The API Security Blog
Explore the limitations of current automated specification generation tools and how Escape's static analysis techniques stand out.| Escape - The API Security Blog
A recap of Twilio's Authy app breach, which exposed 33 million phone numbers. Including the impacts, lessons learnt and recommendations to enhance your security.| Escape - The API Security Blog
Discover how Escape secures the development of the online services of the French Football Federation.| Escape - The API Security Blog
Learn about the shift-left approach in cybersecurity and how it integrates security practices into the early stages of software development.| Escape DAST - Application Security Blog
Explore different penetration testing types, including black-box, white-box, and grey-box testing, and discover their unique attack vectors.| Escape DAST - Application Security Blog
This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique challenges of software supply chain security.| Escape - The API Security Blog
This blog is based on the podcast episode with Max Imbiel, CISO at Bitpanda. It covers the unique challenges of building secure financial applications.| Escape DAST - Application Security Blog
In this article we benchmark Escape against other DAST tools. Focusing on VAmPI and DVGA, we compare results across different API types.| Escape DAST - Application Security Blog
Dive into the complexities of securing GraphQL APIs and common vulnerabilities and learn best practices for enhancing GraphQL security.| Escape DAST - Application Security Blog
DAST is dead, discover why business logic security testing takes center stage.| Escape DAST - Application Security Blog
In this article, we'll show how we created Escape's proprietary business logic security testing algorithm and what makes it innovative.| Escape DAST - Application Security Blog
With our updates to API discovery and inventory, you gain even more capabilities to easily achieve complete governance.| Escape DAST - Application Security Blog
Learn why security engineers need a new approach to identify business logic flaws.| Escape DAST - Application Security Blog
Discover the main takeaways from our conversation on product security with Jacob Salassi, Director of Product Security at Snowflake.| Escape DAST - Application Security Blog
Discover how Escape rules are the new generation of custom security tests for your API security.| Escape DAST - Application Security Blog
Discover the value of developer security training for developers and effective strategies for fostering a secure software development culture.| Escape DAST - Application Security Blog
Explore the latest insights on sensitive data exposure in 2024 and learn effective prevention strategies for protecting your company's information.| Escape DAST - Application Security Blog
Discover the impact of API sprawl in 2024 and learn how to effectively navigate it with expert insights from our team.| Escape DAST - Application Security Blog
Today, we're joined by Anmol Agarwal, a security researcher at Nokia. Tune in as we challenge her insights on adversarial machine learning.| Escape DAST - Application Security Blog
Prepare for PCI DSS 4.0 compliance with our in-depth guide and protect your payment transactions with robust API security measures.| Escape DAST - Application Security Blog
This article was written by guest expert Aleksandr Krasnov. Aleksandr is a DevSecOps expert, principal security engineer, and advisor. He has worked in companies like Meta, Dropbox, and Palo Alto Networks.| Escape - The API Security Blog
Dive into our latest blog post, and uncover invaluable insights collected from the recent application security incidents.| Escape - The API Security Blog
Learn to secure your Flask applications effectively with our expert hands-on tutorial. Enhance security for your projects in just a few steps!| Escape - The API Security Blog
Explore whether APIs introduce more security risks than benefits to SCADA systems, how hard it is to secure SCADA, and key future challenges.| Escape - The API Security Blog