Escape - The API Security Blog (Page 2)

Introducing the API Threat Landscape, a new resource for API security researchers

Since 2022, Escape's security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed insights into primary attack vectors, threat actors, tools, and techniques. The database is updated every two weeks.

Podcast

AI Security: How Hard Is It to Develop Secure AI?

This blog is based on our conversation with Rob van der Veer, Senior Principal Expert at the Software Improvement Group. It explores the complex challenges of developing secure AI systems and the critical role of governance and role segregation in AI security.

Product updates

Product updates: Automated schema generation

We are excited to introduce our latest feature: automated schema generation for all your discovered APIs. Having an OpenAPI Specification (OAS) is beneficial because it provides a standardized, machine-readable format for documenting RESTful APIs, promoting clarity and consistency across different services. with an OAS, developers can leverage a plethora of

API Security

Limitations of current automatic specification generation tools

Have you ever wondered how automatic specification generation can streamline API security scanning? By significantly reducing the manual effort involved in creating and maintaining API specifications, automated tools offer clear benefits in terms of scan accuracy and setup time. Yet, many existing tools on the market have notable limitations. Understanding

API Discovery

Why API Discovery is Important for Financial Companies

Discover the role of APIs in the financial sector, and how API discovery ensures security, compliance, and efficiency in financial services.

Data breaches

Twilio's Authy Breach: The Attack via an Unsecured API Endpoint

A recap of Twilio's Authy app breach, which exposed 33 million phone numbers. Including the impacts, lessons learnt and recommendations to enhance your security.

Case Study

Case Study: How Escape helps the French Football Federation secure the development of its online services

Discover how Escape secures the development of the online services of the French Football Federation.

Best Practices

An Analysis of Kuppinger Cole’s Selection Criteria for API Management and Security

Discover how Escape fits the Kuppinger Cole selection criteria of API Management and Security Solutions.

Webinar recap

Webinar recap: How to build relationships with developers?

Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed in a security context.

Case Study

Étude de cas : Comment Escape aide la Fédération Française de Football à sécuriser le développement de ses services en ligne

La Fédération Française de Football (FFF) est l'instance dirigeante du football en France, supervisant tous les aspects du sport, des niveaux amateurs aux ligues professionnelles. Pour accomplir sa mission de promotion et de développement du football, la FFF s'appuie sur des plateformes numériques et des API

Product Security

Understanding Access Control Models: RBAC, ABAC, and DAC

Different models of access control offer unique methods and benefits. The three primary models are Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Discretionary Access Control (DAC).

Application Security

How to secure non-human identities? with Andrew Wilder and Amir Shaked

This blog is based on our conversation with Andrew Wilder, Retained Chief Security Officer at Community Veterinary Partners and Amir Shaked, VP of R&D at Oasis Security. It covers the unique challenges of securing non-human identities.

Application Security

The Elephant in AppSec Conference is here!

Get ready for some opinionated talks.

Application Security

Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric)

This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique challenges of software supply chain security.

Case Study

Case Study: How Sungage Financial improved their application security within 1 week

Sungage Financial chose Escape's API security solution to secure their new GraphQL APIs. Escape’s easy setup, actionable remediation, and GraphQL support enabled comprehensive risk evaluation and swift vulnerability fixes, enhancing security and efficiency.

Webinar

Webinar: How to build relationships with developers

Are you a security leader struggling to connect meaningfully with your developers? Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed.

Podcast

Security challenges in the financial sector⎪Max Imbiel (CISO, Bitpanda)

This blog is based on the podcast episode with Max Imbiel, CISO at Bitpanda. It covers the unique challenges of building secure financial applications.

Product updates

Vulnerabilities prioritization funnel: Focus on what matters

We are excited to announce updates to our vulnerability prioritization funnel, which will help you focus on vulnerabilities that pose a real danger to your business.

DAST

We benchmarked DAST products, and this is what we learned

When we started, we wanted to understand how to validate the quality of Escape's scanner findings and be able to benchmark them. Dynamic application scanning solutions are notorious for not being able to scan complex vulnerabilities, specifically the business logic vulnerabilities, and other deficiencies, and even though we

GraphQL Security

How to secure GraphQL APIs: challenges and best practices

GraphQL APIs, while offering robust features and flexibility, present unique security challenges compared to traditional REST APIs. This article delves into the complexities of securing GraphQL APIs, highlighting common vulnerabilities and providing a comprehensive guide to best practices for building secure GraphQL apps. A visual learner? Check out our latest

API Security

DAST is dead, why Business Logic Security Testing takes center stage

“DAST is dead”—that’s the phrase that appears every year on social media and in cybersecurity newsletters. But what if in 2024, it finally came true? DAST, Dynamic Application Security Testing (even though we see a new terminology “Dynamic API Security Testing” popping up here and there within the

API Security

Escape's proprietary Business Logic Security Testing algorithm: what makes it innovative

Testing APIs for Business Logic vulnerabilities is hard. Actually, this is a mission that old-school DAST solutions like ZAP (formerly OWASP ZAP) cannot handle. I'm Antoine Carossio, passionate about Computer Science for more than 15 years now and cofounder & CTO of Escape. With my team, we'

Product updates

DAST Scanner: New features and improvements

We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.

API Inventory

API Inventory: New features and improvements

With our updates to API discovery and inventory, you gain even more capabilities to easily achieve complete governance.

API Security

[Webinar] How to secure GraphQL

Join Uri Goldshtein and Tristan Kalos for a webinar on GraphQL security and learn to secure your GraphQL APIs.