Alexandra Charikova - Escape - The API Security Blog

How to secure GraphQL APIs: challenges and best practices

GraphQL APIs, while offering robust features and flexibility, present unique security challenges compared to traditional REST APIs. This article delves into the complexities of securing GraphQL APIs, highlighting common vulnerabilities and providing a comprehensive guide to best practices for building secure GraphQL apps. A visual learner? Check out our latest

Product updates

DAST Scanner: New features and improvements

We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.

API Inventory

API Inventory: New features and improvements

With our updates to API discovery and inventory, you gain even more capabilities to easily achieve complete governance.

Custom Security Tests

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. In this article, we'll cover the main takeaways from our conversation with Keshav Malik, a senior Product Security Engineer at LinkedIn. Our goal is to help you understand

Application Security

How to secure cloud-native applications

This article is based on the Elephant in AppSec podcast episode with Mihir Shah, a Senior Staff Application Security Engineer at ForgeRock, and the author of the Cloud Native Software Security Handbook.

API Governance

The challenges and opportunities of API governance in 2024

Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.

API Security

[Fireside Chat] API sprawl: Understanding the growing challenge of 2024 and how to navigate it

Hey there 👋 Join Bill Doerrfeld, tech journalist and Editor-in-Chief at the Nordic APIs blog, Erik Wilde, OAI Ambassador at the OpenAPI Initiative, and Antoine Carossio, CTO and co-founder at Escape, for a fireside chat on the challenges of API sprawl. Sign me up! During this live discussion, they will explore:

API Security

Workshop "How to write custom security tests" - Main Takeaways

Organizations are constantly seeking ways to improve their defenses against business logic vulnerabilities. These vulnerabilities, often difficult to detect, can lead to significant security breaches if left unchecked. To address this challenge, we've introduced a new feature within our platform that empowers teams to create custom business logic

Podcast

The art and science of product security: A deep dive with Jacob Salassi

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Jacob Salassi, join us. You can find the main takeaways from our conversation with Jacob just down below! Jacob's

Product updates

Introducing Escape rules - Rules that adapt for you

Today, we’re launching customization improvements to Escape’s automated testing capabilities. With Escape Rules, you can now write custom security tests that do not require any maintenance and adapt to each newly discovered API and each new version of your existing APIs. 💡Want to learn how to write custom

Application Security

Building security training for developers in 2024: Is it really worth it and how to proceed?

If you're a security engineer, the chances that you've struggled with your development team to implement secure coding practices are high. If you don't have the right culture in your organization, it might be even harder. Developers consider you as an adversary, rather than

API Security

Sensitive data exposure: How to prevent it and where do we stand in 2024

Do you fully grasp the magnitude of sensitive data exposure? It stands as one of the most prevalent and menacing threats to organizational security in 2024. Picture any information quintessential to an individual's or a company's identity and safety - personal, financial, health, or trade secrets.

API Security

How to secure your API secret keys from being exposed?

Learn about the dangers of API secret key exposure and discover our selection of prevention strategies.

API Discovery

What is a Shadow API? Understanding the risks and strategies to prevent their sprawl

API Sprawl is a serious challenge in 2024, and shadow APIs are part of the problem. But do you actually know what Shadow APIs are and why they represent danger for organizations? With the ever-increasing number of exposed APIs, the pain of not being able to gain visibility over all

Podcast

Developers and security training: can they co-exist?⎜Laura Bell Main

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re excited to have an amazing guest, Laura Bell Main, join us. With over 20 years in software development and application security, Laura is the co-founder and CEO

API Discovery

What is API Sprawl? Understanding the growing challenge of 2024 and how to navigate it

Discover the impact of API sprawl in 2024 and learn how to effectively navigate it with expert insights from our team.

Podcast

Adversarial machine learning: what is it and are we ready? ⎜Anmol Agarwal

Today, we're joined by Anmol Agarwal, a security researcher at Nokia. Tune in as we challenge her insights on adversarial machine learning.

Announcement

Join our new Escape community on Slack!

If you're a security professional who enjoys asking questions, sharing your knowledge with others, and is passionate about API security, this group is for you!

API Security

API security for PCI compliance: A deep dive into the PCI DSS 4.0 impact

There are more than 50 new requirements in PCI DSS v4.0 – do you know which ones apply to you and what you need to do to meet them?  The March deadline is approaching, and we want to ensure you're fully prepared for the changes ahead. The deadline

API Security

How to secure gRPC APIs

Looking for ways to secure gRPC APIs? Don't worry, we've got you covered! In this article, we will be exploring the topic of gRPC security and its importance in ensuring the security of API endpoints. We will also discuss the role of dynamic application security testing

Podcast

AppSec vendors and CISOs: a love-hate relationship? ⎜Olivia Rose

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're joined by an amazing guest, Olivia Rose. Olivia is an executive leader with more than 20 years of dedicated experience, having served as the former CISO

Product updates

Introducing notification rules: You can now tailor your alerts with precision

With our new notification rules feature, it takes just a few simple steps to customize your alerts to focus on what really matters for you and your business.

Application Security

4 lessons from recent application security case studies

Every organization, no matter how big or small, if it's dependent on the software (which is impossible not to be in the modern world), must prioritize software security. Interested in enhancing yours? Want to know how real-world application security challenges are tackled? Let's get straight to

API Gateway Security

API gateway security: 8 best practices

Are your API gateways well secured? If you have doubts, then they are not. API gateways play a large role in securing the flow of data between clients and backend services. But with the surge in API adoption (nearly 90% of developers are using APIs) and the increasing sophistication of

Product updates

Implementing real-world authentication scenarios in your scans is now made easy

With our new dynamic authentication token generation feature, it takes just a few simple steps to implement real-world authentication scenarios in your scans.