We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!
Segment Resources:
Tanya's latest book on Amazon
Tanya's previous book, Alice and Bob Learn Application Security on Amazon
Tanya's website, She Hacks Purple
Investigation into the incident, which was initially detected on Dec. 2, revealed that threat actors leveraged a Remote Support SaaS API key to conduct local app account password resets.
Aside from disrupting servers through a deluge of requests to "debug/pprof/heap" and other endpoints, attackers could also exploit Prometheus' "metrics" endpoint to obtain information from internal API endpoints, Docker registries, subdomains, and images that could be leveraged for reconnaissance efforts.
This week, in the enterprise security news:
the latest cybersecurity fundings
Cyera acquires Trail Security
Sophos acquires Secureworks
new companies and products
more coverage on Cyberstarts’ sunrise program
AI can control your PC
public cybersecurity companies are going private
Splunk and Palo Alto beef
All that and more, on this episode of ...
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational...