Escape - The API Security Blog

Flask security

Best practices to protect your Flask applications

Want to know how to protect your Flask applications? Dive into our latest blog post, where we guide you through the best practices for Flask security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

API Security

Webinar: Best Practices for API security

Learn the ins and outs of keeping your APIs secure.

Podcast

SCADA systems: How secure are the systems running our infrastructure?⎥Malav Vyas (Security Researcher at Palo Alto Networks)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, Malav Vyas, joining us. Malav is a security researcher at Palo Alto Networks, passionate about exploiting and securing systems. Security

API Security

Top 6 API security testing tools in 2025: a full review

💡The Top 6 API Security Testing Tools include: 1. Escape 2. Noname security 3. Salt Security 4. Stackhawk 5. Rapid7 6. Traceable How safe are your applications? In recent years, the significance of API usage and hence of API security has skyrocketed. However, as API adoption skyrockets, so do security

Application Security

Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher (author of The Application Security Handbook)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Derek Fisher, joining us.  Derek is a cybersecurity leader, a speaker on various cybersecurity topics, and author of the famous “The

API Security

10 best practices to secure your Spring Boot applications

Explore the top 10 Spring Boot security best practices from the Escape team to secure your Java web applications efficiently.

API Security

ASP.NET security best practices

Curious about the key strategies to ensure the security and reliability of your ASP.NET applications, including building APIs? Dive into our latest blog post, where we guide you through ASP.NET security best practices. Explore how these practices can not only enhance the security of your web applications but

Product updates

What’s new - Escape Product Updates

Discover our latest product updates: support for Insomnia collections, WP-JSON schema, and additional business logic security tests. Plus you can now fully benefit from Escape's public API.

Podcast

Security experience: top-down vs bottom-up⎥Jeevan Singh (Rippling, Twilio) ⎥The Elephant in AppSec Podcast

Welcome to the second episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Product Security Roadmap

Webinar Recap: Building your Product Security Roadmap

In-depth recap of our hands-on product security webinar with James Berthoty—gather the best knowledge and insights!

Application Security

What is business logic, and why it's important for application security

Is understanding business logic a critical component of application security? Absolutely. In the world of cybersecurity, business logic is more than just a set of operational directives. It serves as the crucial bridge between an application's technical function and its alignment with strategic business goals. More than that,

The Elephant in AppSec Podcast⎥Lack of effective DAST tools⎥Aleksandr Krasnov (Meta, Thinkific, Dropbox)

Welcome to the first episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Webinar: Best Practices for Security Compliance

How can you turn compliance from a box-ticking exercise into a strategic advantage for your organization? Join our upcoming webinar with DevSecOps expert, Wilson Mar, and get insights you need to optimize your approach to security compliance. 😔Unfortunately, this webinar has been canceled until further notice. One of our hosts

Pentesting

Different types of penetration testing

Penetration testing, commonly known as pentesting, involves simulating a real attack on a server to assess its vulnerabilities against potential real-world attacks. While the primary goal is to emulate concrete threats, pentesting can extend beyond, offering insights into the potential consequences if confidential data were to fall into malicious hackers&

Application Security

SAST vs DAST: how to make the choice and combine them effectively

Should you choose between SAST and DAST? Perhaps the real question is, why not use both in your application security strategy? Let's be honest—vulnerabilities are often discovered when it's too late. No matter how well developers follow secure coding guidelines, it's impossible to

Application Security

Vulnerability Management Lifecycle: 5 Steps and Best Practices

Maintaining robust security of your organization is not just crucial in 2023 – it's a survival strategy. The recent data breach at 23andMe in October 2023 is a case in point. This incident, where a credential-stuffing attack led to unauthorized access to customer accounts, underscores a harsh reality. Even

Announcement

Introducing Agentless API Discovery & Inventory

Today, we’re finally unveiling new capabilities of Escape - agentless discovery and inventory of APIs within their specific business context.

API Security

Introducing your new API security testing assistant: Meet our GPT Bot!

Hey there 👋 We've got some exciting news to share with you today! We're thrilled to introduce you to our brand-new API security testing assistant: the GPT Bot "API Guardian". Are you tired of spending endless hours proactively looking for the best practices to test

Events

Webinar: Building Your Product Security Roadmap

Whether you're in the first few weeks of your ProdSec journey or building your Product security program for 2024, you might feel lost trying to wrap your head around all the attack surface your org faces and identifying some of the biggest security gaps. Don't worry,

Case Study

Case Study: How Lightspeed ensures full security compliance with Escape

Lightspeed, a technology partner to more than 160,000 global retail and hospitality businesses, has recently transitioned to a centralized payments model and adopted GraphQL APIs as a cornerstone of its operations. GraphQL allowed Lightspeed to improve both efficiency and flexibility in data retrieval, resulting in better overall system performance.

Application Security

How to establish an application security policy

As organizations increasingly rely on web and mobile applications to conduct business, robust application security has become paramount. Cyberattacks are on the rise, and without adequate protection, businesses risk losing sensitive data, revenue, and reputational damage. Having an application security policy in place is the first line of defense against

DevSecOps

DevOps vs DevSecOps: exploring the key differences and how to make the shift

Companies are constantly searching for ways to deliver high-quality products quickly and efficiently. The evolution of DevOps revolutionized the industry by merging development and operations teams, breaking down silos, and fostering collaboration and communication. However, as startups and businesses strive for agility and speed, security often falls by the wayside.

Competitor Comparison

Escape vs StackHawk

Update: January 2025. Explore how StackHawk differs from Escape, weigh the advantages and disadvantages of both, and determine the best fit for your company.

API Security

Escape API Security Checklist

Are you looking to make your API security program stronger? Do you sometimes find it challenging to spot and address security vulnerabilities effectively? You're not alone! Many security professionals like you face challenges in improving API security because technology and cyber threats keep changing. This makes ensuring strong

Competitor Comparison

Escape vs 42Crunch

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks.