Escape - The API Security Blog (Page 5)

SAST vs DAST: how to make the choice and combine them effectively

Should you choose between SAST and DAST? Perhaps the real question is, why not use both in your application security strategy? Let's be honest—vulnerabilities are often discovered when it's too late. No matter how well developers follow secure coding guidelines, it's impossible to

Application Security

Vulnerability Management Lifecycle: 5 Steps and Best Practices

Maintaining robust security of your organization is not just crucial in 2023 – it's a survival strategy. The recent data breach at 23andMe in October 2023 is a case in point. This incident, where a credential-stuffing attack led to unauthorized access to customer accounts, underscores a harsh reality. Even

Announcement

Introducing Agentless API Discovery & Inventory

Today, we’re finally unveiling new capabilities of Escape - agentless discovery and inventory of APIs within their specific business context.

API Security

Introducing your new API security testing assistant: Meet our GPT Bot!

Hey there 👋 We've got some exciting news to share with you today! We're thrilled to introduce you to our brand-new API security testing assistant: the GPT Bot "API Guardian". Are you tired of spending endless hours proactively looking for the best practices to test

Events

Webinar: Building Your Product Security Roadmap

Whether you're in the first few weeks of your ProdSec journey or building your Product security program for 2024, you might feel lost trying to wrap your head around all the attack surface your org faces and identifying some of the biggest security gaps. Don't worry,

Case Study

Case Study: How Lightspeed ensures full security compliance with Escape

Lightspeed, a technology partner to more than 160,000 global retail and hospitality businesses, has recently transitioned to a centralized payments model and adopted GraphQL APIs as a cornerstone of its operations. GraphQL allowed Lightspeed to improve both efficiency and flexibility in data retrieval, resulting in better overall system performance.

Application Security

How to establish an application security policy

As organizations increasingly rely on web and mobile applications to conduct business, robust application security has become paramount. Cyberattacks are on the rise, and without adequate protection, businesses risk losing sensitive data, revenue, and reputational damage. Having an application security policy in place is the first line of defense against

DevSecOps

DevOps vs DevSecOps: exploring the key differences and how to make the shift

Companies are constantly searching for ways to deliver high-quality products quickly and efficiently. The evolution of DevOps revolutionized the industry by merging development and operations teams, breaking down silos, and fostering collaboration and communication. However, as startups and businesses strive for agility and speed, security often falls by the wayside.

Competitor Comparison

Escape vs StackHawk

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks.

API Security

Escape API Security Checklist

Are you looking to make your API security program stronger? Do you sometimes find it challenging to spot and address security vulnerabilities effectively? You're not alone! Many security professionals like you face challenges in improving API security because technology and cyber threats keep changing. This makes ensuring strong

Competitor Comparison

Escape vs 42Crunch

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks.

API Discovery

What is API discovery, and how does it work?

Ever wondered how applications effortlessly communicate and collaborate, seamlessly sharing data and functionalities? Enter API discovery – the game-changer in modern development. What if finding and connecting with APIs was as intuitive as flipping a switch? As the newly appointed security engineer, you quickly realize the sprawling web of APIs that

AppSec

Application security audit: an in-depth guide

Introduction What are application security audits? In information technologies departments, application security audits are systematic evaluations conducted to assess the security posture of an organization's applications. Application security audits involve finding possible threats and determining the organization's attack surface. The different vectors that attackers can leverage

Announcement

Escape is now SOC 2 Type II compliant

We worked hard to complete the process and get the SOC 2 Type II compliance and finally it's done!

Leveraging Temporal for resilient remote procedure calls (RPC)

Temporal is not the first technology that comes to mind when discussing RPC technologies, but its broad feature set makes it a notable contender in this space.

API Security

Introducing business logic security testing for REST APIs

After one year and a half of approaching API security through the lenses of GraphQL, we are proud to introduce full support for REST API Security Testing in Escape, in addition to GraphQL 🚀 You like us on GraphQL. You will love us on REST. It's been a ride

DevSecOps

How to automate and secure deployment within GitLab CI with Syft and Grype

Ensuring the security of your code is paramount in today's fast-paced development landscape. Thankfully, the automation capabilities of CI/CD pipelines can make this process seamless. In this article, we'll guide you through setting up a GitLab CI pipeline that automates code security checks, allowing you

Announcement

October Spotlight: The major events not to be missed

If you’re not yet convinced that the fall is the best season to attend cybersecurity conferences, our upcoming event lineup might change your mind! This month, we're taking our team global, from the US to Monaco, Canada to Sweden. Are you planning to soak up the sun

Announcement

Escape – The API discovery & security testing platform is now available on AWS Marketplace

With Escape now available on AWS Marketplace, we’re making it easier for all AWS-affiliated organizations to automate the discovery and security testing of all their exposed APIs.

Case Study

Case Study: How Escape enhanced Shine's application security

Shine is the online banking subsidiary of Société Générale, one of the leading financial services groups in Europe. Specifically designed for professionals with a commitment to innovation and customer satisfaction, Shine offers a range of online banking solutions tailored to the modern user. At the heart of Shine's

Case Study

Case Study: How Thinkific has achieved enterprise-grade GraphQL security with Escape

Thinkific, a leading platform for creating and selling online courses, stands out for its commitment to flexibility and innovation. This dedication to innovative technologies led them to embrace GraphQL APIs as the center of their federated architecture. This system would aim to consolidate multiple existing APIs under one branch. However,

DevOps

Why does DevOps recommend "Shift left" principles?

Learn about the shift-left approach in cybersecurity and how it integrates security practices into the early stages of software development.

API

What is an API attack, and how to prevent it?

Explore common API attacks, understand their significant risks, and learn how to prevent them.

API

API Catalog & API Portal: A handbook of everything you should know

Discover the importance of API catalogs, their differences from API portals & gateways, and how to ensure optimal API management and security.

TypeScript

Using Protobuf with TypeScript

We recently moved to Protobuf to enforce consistency. Discover the pros and cons of migration to Protobuf and follow the step-by-step guide to create a tiny TypeScript-Protobuf prototype.