Escape - The API Security Blog

Webinar Recap: Building your Product Security Roadmap

In-depth recap of our hands-on product security webinar with James Berthoty—gather the best knowledge and insights!

The Elephant in AppSec Podcast⎥Lack of effective DAST tools⎥Aleksandr Krasnov (Meta, Thinkific, Dropbox)

Welcome to the first episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Events

Webinar: Best Practices for Security Compliance

How can you turn compliance from a box-ticking exercise into a strategic advantage for your organization? Join our upcoming webinar with DevSecOps expert, Wilson Mar, and get insights you need to optimize your approach to security compliance. 💡Wilson Mar has been building and bringing enterprise applications to market on major

Pentesting

Different types of penetration testing

Penetration testing, commonly known as pentesting, involves simulating a real attack on a server to assess its vulnerabilities against potential real-world attacks. While the primary goal is to emulate concrete threats, pentesting can extend beyond, offering insights into the potential consequences if confidential data were to fall into malicious hackers'

Application Security

SAST vs DAST: how to make the choice and combine them effectively

Should you choose between SAST and DAST? Perhaps the real question is, why not use both in your application security strategy? Let's be honest—vulnerabilities are often discovered when it's too late. No matter how well developers follow secure coding guidelines, it's impossible to keep an eye on every detail.

Application Security

Vulnerability Management Lifecycle: 5 Steps and Best Practices

Maintaining robust security of your organization is not just crucial in 2023 – it's a survival strategy. The recent data breach at 23andMe in October 2023 is a case in point. This incident, where a credential-stuffing attack led to unauthorized access to customer accounts, underscores a harsh reality. Even biotech companies,

Announcement

Introducing Agentless API Discovery & Inventory

Today, we’re finally unveiling new capabilities of Escape - agentless discovery and inventory of APIs within their specific business context.

API Security

Introducing your new API security testing assistant: Meet our GPT Bot!

Hey there 👋 We've got some exciting news to share with you today! We're thrilled to introduce you to our brand-new API security testing assistant: the GPT Bot "API Guardian". Are you tired of spending endless hours proactively looking for the best practices to test and secure APIs? Well, your search

Events

Webinar: Building Your Product Security Roadmap

Whether you're in the first few weeks of your ProdSec journey or building your Product security program for 2024, you might feel lost trying to wrap your head around all the attack surface your org faces and identifying some of the biggest security gaps. Don't worry, we're here to help!

Case Study

Case Study: How Lightspeed ensures full security compliance with Escape

Lightspeed, a technology partner to more than 160,000 global retail and hospitality businesses, has recently transitioned to a centralized payments model and adopted GraphQL APIs as a cornerstone of its operations. GraphQL allowed Lightspeed to improve both efficiency and flexibility in data retrieval, resulting in better overall system performance.

Application Security

How to establish an application security policy

As organizations increasingly rely on web and mobile applications to conduct business, robust application security has become paramount. Cyberattacks are on the rise, and without adequate protection, businesses risk losing sensitive data, revenue, and reputational damage. Having an application security policy in place is the first line of defense against

DevSecOps

DevOps vs DevSecOps: exploring the key differences and how to make the shift

In the fast-paced world of software development, companies are constantly searching for ways to deliver high-quality products quickly and efficiently. The evolution of DevOps revolutionized the industry by merging development and operations teams, breaking down silos, and fostering collaboration and communication. However, as startups and businesses strive for agility and

Competitor Comparison

Escape vs StackHawk

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks. Escape is the only API Security

API Security

Escape API Security Checklist

Are you looking to make your API security program stronger? Do you sometimes find it challenging to spot and address security vulnerabilities effectively? You're not alone! Many security professionals like you face challenges in improving API security because technology and cyber threats keep changing. This makes ensuring strong API security

Competitor Comparison

Escape vs 42Crunch

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks. Escape is the only API Security

What is API Discovery, and how does it work?

As the newly appointed Application Security engineer of a dynamic tech company, you quickly realize the sprawling web of APIs that power the company's services and pose unseen vulnerabilities. Every undocumented API feels like a ticking time bomb, a potential gateway for malicious breaches. To ensure that the organization's data

AppSec

Application security audit: an in-depth guide

Introduction What are application security audits? In information technologies departments, application security audits are systematic evaluations conducted to assess the security posture of an organization's applications. Application security audits involve finding possible threats and determining the organization's attack surface. The different vectors that attackers can leverage to harm a corporation

Announcement

Escape is now SOC 2 Type II compliant

We worked hard to complete the process and get the SOC 2 Type II compliance and finally it's done!

Leveraging Temporal for resilient remote procedure calls (RPC)

Temporal is not the first technology that comes to mind when discussing RPC technologies, but its broad feature set makes it a notable contender in this space.

API Security

Introducing business logic security testing for REST APIs

After one year and a half of approaching API security through the lenses of GraphQL, we are proud to introduce full support for REST API Security Testing in Escape, in addition to GraphQL 🚀 You like us on GraphQL. You will love us on REST. It's been a ride since Escape's

DevSecOps

How to automate and secure deployment within GitLab CI with Syft and Grype

Ensuring the security of your code is paramount in today's fast-paced development landscape. Thankfully, the automation capabilities of CI/CD pipelines can make this process seamless. In this article, we'll guide you through setting up a GitLab CI pipeline that automates code security checks, allowing you to focus on your

Announcement

October Spotlight: The major events not to be missed

If you’re not yet convinced that the fall is the best season to attend cybersecurity conferences, our upcoming event lineup might change your mind! This month, we're taking our team global, from the US to Monaco, Canada to Sweden. Are you planning to soak up the sun and stay

Announcement

Escape – The API discovery & security testing platform is now available on AWS Marketplace

With Escape now available on AWS Marketplace, we’re making it easier for all AWS-affiliated organizations to automate the discovery and security testing of all their exposed APIs.

Case Study

Case Study: How Escape enhanced Shine's application security

Shine is the online banking subsidiary of Société Générale, one of the leading financial services groups in Europe. Specifically designed for professionals with a commitment to innovation and customer satisfaction, Shine offers a range of online banking solutions tailored to the modern user. At the heart of Shine's technological infrastructure

Case Study

Case Study: How Thinkific has achieved enterprise-grade GraphQL security with Escape

Thinkific, a leading platform for creating and selling online courses, stands out for its commitment to flexibility and innovation. This dedication to innovative technologies led them to embrace GraphQL APIs as the center of their federated architecture. This system would aim to consolidate multiple existing APIs under one branch. However,