Alexandra Charikova - Escape - The API Security Blog

The State of GraphQL Security 2024

Insights from 13,000 GraphQL API issues: Read our deep dive into the current state of GraphQL security.

Introducing the API Threat Landscape, a new resource for API security researchers

Since 2022, Escape's security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed insights into primary attack vectors, threat actors, tools, and techniques. The database is updated every two weeks.

AI Security

AI Security: How Hard Is It to Develop Secure AI?

This blog is based on our conversation with Rob van der Veer, Senior Principal Expert at the Software Improvement Group. It explores the complex challenges of developing secure AI systems and the critical role of governance and role segregation in AI security.

Product updates

Product updates: Automated schema generation

We are excited to introduce our latest feature: automated schema generation for all your discovered APIs. Having an OpenAPI Specification (OAS) is beneficial because it provides a standardized, machine-readable format for documenting RESTful APIs, promoting clarity and consistency across different services. with an OAS, developers can leverage a plethora of

Case Study

Case Study: How Escape helps the French Football Federation secure the development of its online services

Discover how Escape secures the development of the online services of the French Football Federation.

Webinar recap

Webinar recap: How to build relationships with developers?

Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed in a security context.

Case Study

Étude de cas : Comment Escape aide la Fédération Française de Football à sécuriser le développement de ses services en ligne

La Fédération Française de Football (FFF) est l'instance dirigeante du football en France, supervisant tous les aspects du sport, des niveaux amateurs aux ligues professionnelles. Pour accomplir sa mission de promotion et de développement du football, la FFF s'appuie sur des plateformes numériques et des API

Application Security

How to secure non-human identities? with Andrew Wilder and Amir Shaked

This blog is based on our conversation with Andrew Wilder, Retained Chief Security Officer at Community Veterinary Partners and Amir Shaked, VP of R&D at Oasis Security. It covers the unique challenges of securing non-human identities.

Application Security

The Elephant in AppSec Conference is here!

Get ready for some opinionated talks.

Application Security

Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric)

This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique challenges of software supply chain security.

Webinar

Webinar: How to build relationships with developers

Are you a security leader struggling to connect meaningfully with your developers? Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed.

Podcast

Security challenges in the financial sector⎪Max Imbiel (CISO, Bitpanda)

This blog is based on the podcast episode with Max Imbiel, CISO at Bitpanda. It covers the unique challenges of building secure financial applications.

Product updates

Vulnerabilities prioritization funnel: Focus on what matters

We are excited to announce updates to our vulnerability prioritization funnel, which will help you focus on vulnerabilities that pose a real danger to your business.

GraphQL Security

How to secure GraphQL APIs: challenges and best practices

GraphQL APIs, while offering robust features and flexibility, present unique security challenges compared to traditional REST APIs. This article delves into the complexities of securing GraphQL APIs, highlighting common vulnerabilities and providing a comprehensive guide to best practices for building secure GraphQL apps. A visual learner? Check out our latest

Product updates

DAST Scanner: New features and improvements

We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.

API Inventory

API Inventory: New features and improvements

With our updates to API discovery and inventory, you gain even more capabilities to easily achieve complete governance.

Custom Security Tests

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. In this article, we'll cover the main takeaways from our conversation with Keshav Malik, a senior Product Security Engineer at LinkedIn. Our goal is to help you understand

Application Security

How to secure cloud-native applications

This article is based on the Elephant in AppSec podcast episode with Mihir Shah, a Senior Staff Application Security Engineer at ForgeRock, and the author of the Cloud Native Software Security Handbook.

API Governance

The challenges and opportunities of API governance in 2024

Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.

API Security

[Fireside Chat] API sprawl: Understanding the growing challenge of 2024 and how to navigate it

Hey there 👋 Join Bill Doerrfeld, tech journalist and Editor-in-Chief at the Nordic APIs blog, Erik Wilde, OAI Ambassador at the OpenAPI Initiative, and Antoine Carossio, CTO and co-founder at Escape, for a fireside chat on the challenges of API sprawl. Sign me up! During this live discussion, they will explore:

API Security

Workshop "How to write custom security tests" - Main Takeaways

Organizations are constantly seeking ways to improve their defenses against business logic vulnerabilities. These vulnerabilities, often difficult to detect, can lead to significant security breaches if left unchecked. To address this challenge, we've introduced a new feature within our platform that empowers teams to create custom business logic

Podcast

The art and science of product security: A deep dive with Jacob Salassi

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Jacob Salassi, join us. You can find the main takeaways from our conversation with Jacob just down below! Jacob's

Product updates

Introducing Escape rules - Rules that adapt for you

Today, we’re launching customization improvements to Escape’s automated testing capabilities. With Escape Rules, you can now write custom security tests that do not require any maintenance and adapt to each newly discovered API and each new version of your existing APIs. 💡Want to learn how to write custom

Application Security

Building security training for developers in 2024: Is it really worth it and how to proceed?

If you're a security engineer, the chances that you've struggled with your development team to implement secure coding practices are high. If you don't have the right culture in your organization, it might be even harder. Developers consider you as an adversary, rather than

API Security

Sensitive data exposure: How to prevent it and where do we stand in 2024

Do you fully grasp the magnitude of sensitive data exposure? It stands as one of the most prevalent and menacing threats to organizational security in 2024. Picture any information quintessential to an individual's or a company's identity and safety - personal, financial, health, or trade secrets.