Escape - The API Security Blog (Page 5)

API gateway security: 8 best practices

Are your API gateways well secured? If you have doubts, then they are not. API gateways play a large role in securing the flow of data between clients and backend services. But with the surge in API adoption (nearly 90% of developers are using APIs) and the increasing sophistication of

Product updates

Implementing real-world authentication scenarios in your scans is now made easy

With our new dynamic authentication token generation feature, it takes just a few simple steps to implement real-world authentication scenarios in your scans.

API Security

Laravel SQL injection guide: Practical examples included

Want to know how to protect your Laravel applications? Dive into our latest blog post, where we guide you through the best practices for Laravel security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

API Security

Methodology: How we discovered over 18,000 API secret tokens

Hey there! It's just the beginning of the year, but our security research team has been working hard to identify current API security challenges. So for the Escape team, January went under the tagline "API secret sprawl" (we thought it was more fun than"Dry

Podcast

Security training: Necessary investment or overrated expense?⎥Mel Reyes (Global CEO, CIO, CISO, & CTO with 30 years of experience)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re excited to have an amazing guest, Mel Reyes, join us. Mel has navigated through two IPOs and three M&As, worked with several startups, Pepsi and

Django security

Best Django security practices

Learn to secure your Django applications effectively with our expert hands-on tutorial.

Product updates

Now you can easily gain comprehensive insights into your compliance posture

With our new Compliance Matrix feature, it takes just a few simple steps to get full visibility into your organization's compliance posture across all applications.

API Security

How to secure APIs built with Express.js

Want to know how to secure your Express.js APIs? Dive into our latest blog post, where we guide you through the best practices for Express.js security.

Podcast

What is ASPM: A breakdown of the current state and its future⎥James Berthoty (Security at PagerDuty)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, James Berthoty, joining us. James has been in technology for over 10 years across engineering and security. An early advocate

API Security

How to build secure APIs with Ruby on Rails: Security guide

Are your Ruby on Rails APIs as secure as they could be? In today's world, where digital security is no longer an option, ensuring the robustness of your APIs is crucial. If you find yourself uncertain when attempting to answer this question, then this guide is for you.

Flask security

Best practices to protect your Flask applications

Want to know how to protect your Flask applications? Dive into our latest blog post, where we guide you through the best practices for Flask security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

API Security

Webinar: Best Practices for API security

Learn the ins and outs of keeping your APIs secure.

Podcast

SCADA systems: How secure are the systems running our infrastructure?⎥Malav Vyas (Security Researcher at Palo Alto Networks)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, Malav Vyas, joining us. Malav is a security researcher at Palo Alto Networks, passionate about exploiting and securing systems. Security

API Security

Top 6 API security testing tools in 2025: a full review

When it comes to securing applications and APIs, the best API security testing tools are indispensable. These advanced solutions detect vulnerabilities by continuously scanning for weaknesses and simulating real-world attacks. But how do you choose between all API security testing vendors? Agentless API security tools are transforming application security by

Application Security

Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher (author of The Application Security Handbook)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Derek Fisher, joining us. Derek is a cybersecurity leader, a speaker on various cybersecurity topics, and author of the famous “The

API Security

10 best practices to secure your Spring Boot applications

Explore the top 10 Spring Boot security best practices from the Escape team to secure your Java web applications efficiently.

API Security

ASP.NET security best practices

Curious about the key strategies to ensure the security and reliability of your ASP.NET applications, including building APIs? Dive into our latest blog post, where we guide you through ASP.NET security best practices. Explore how these practices can not only enhance the security of your web applications but

Product updates

What’s new - Escape Product Updates

Discover our latest product updates: support for Insomnia collections, WP-JSON schema, and additional business logic security tests. Plus you can now fully benefit from Escape's public API.

Podcast

Security experience: top-down vs bottom-up⎥Jeevan Singh (Rippling, Twilio) ⎥The Elephant in AppSec Podcast

Welcome to the second episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Product Security Roadmap

Webinar Recap: Building your Product Security Roadmap

In-depth recap of our hands-on product security webinar with James Berthoty—gather the best knowledge and insights!

Application Security

What is business logic, and why it's important for application security

Is understanding business logic a critical component of application security? Absolutely. In the world of cybersecurity, business logic is more than just a set of operational directives. It serves as the crucial bridge between an application's technical function and its alignment with strategic business goals. More than that,

The Elephant in AppSec Podcast⎥Lack of effective DAST tools⎥Aleksandr Krasnov (Meta, Thinkific, Dropbox)

Welcome to the first episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Webinar: Best Practices for Security Compliance

How can you turn compliance from a box-ticking exercise into a strategic advantage for your organization? Join our upcoming webinar with DevSecOps expert, Wilson Mar, and get insights you need to optimize your approach to security compliance. 😔Unfortunately, this webinar has been canceled until further notice. One of our hosts

Pentesting

Different types of penetration testing

Penetration testing, commonly known as pentesting, involves simulating a real attack on a server to assess its vulnerabilities against potential real-world attacks. While the primary goal is to emulate concrete threats, pentesting can extend beyond, offering insights into the potential consequences if confidential data were to fall into malicious hackers&

Application Security

SAST vs DAST: how to make the choice and combine them effectively

Should you choose between SAST and DAST? Perhaps the real question is, why not use both in your application security strategy? Let's be honest—vulnerabilities are often discovered when it's too late. No matter how well developers follow secure coding guidelines, it's impossible to