API Security - Escape - The API Security Blog

Tagged

API Security

A collection of 43 posts

How to secure GraphQL APIs: challenges and best practices

GraphQL Security

How to secure GraphQL APIs: challenges and best practices

GraphQL APIs, while offering robust features and flexibility, present unique security challenges compared to traditional REST APIs. This article delves into the complexities of securing GraphQL APIs, highlighting common vulnerabilities and providing a comprehensive guide to best practices for building secure GraphQL apps. A visual learner? Check out our latest

DAST is dead, why Business Logic Security Testing takes center stage

DAST is dead, why Business Logic Security Testing takes center stage

“DAST is dead”—that’s the phrase that appears every year on social media and in cybersecurity newsletters. But what if in 2024, it finally came true? DAST, Dynamic Application Security Testing (even though we see a new terminology “Dynamic API Security Testing” popping up here and there within the

Escape's proprietary Business Logic Security Testing algorithm: what makes it innovative

Escape's proprietary Business Logic Security Testing algorithm: what makes it innovative

Testing APIs for Business Logic vulnerabilities is hard. Actually, this is a mission that old-school DAST solutions like ZAP (formerly OWASP ZAP) cannot handle. I'm Antoine Carossio, passionate about Computer Science for more than 15 years now and cofounder & CTO of Escape. With my team, we'

DAST Scanner: New features and improvements

Product updates

DAST Scanner: New features and improvements

We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.

[Webinar] How to secure GraphQL

[Webinar] How to secure GraphQL

Join Uri Goldshtein and Tristan Kalos for a webinar on GraphQL security and learn to secure your GraphQL APIs.

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Custom Security Tests

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. In this article, we'll cover the main takeaways from our conversation with Keshav Malik, a senior Product Security Engineer at LinkedIn. Our goal is to help you understand

The challenges and opportunities of API governance in 2024

The challenges and opportunities of API governance in 2024

Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.

[Fireside Chat] API sprawl: Understanding the growing challenge of 2024 and how to navigate it

[Fireside Chat] API sprawl: Understanding the growing challenge of 2024 and how to navigate it

Hey there 👋 Join Bill Doerrfeld, tech journalist and Editor-in-Chief at the Nordic APIs blog, Erik Wilde, OAI Ambassador at the OpenAPI Initiative, and Antoine Carossio, CTO and co-founder at Escape, for a fireside chat on the challenges of API sprawl. Sign me up! During this live discussion, they will explore:

Escape vs Burp Suite Enterprise

Escape vs Burp Suite Enterprise

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks.

Workshop "How to write custom security tests" - Main Takeaways

Workshop "How to write custom security tests" - Main Takeaways

Organizations are constantly seeking ways to improve their defenses against business logic vulnerabilities. These vulnerabilities, often difficult to detect, can lead to significant security breaches if left unchecked. To address this challenge, we've introduced a new feature within our platform that empowers teams to create custom business logic

Why security engineers need a new approach to identify business logic flaws

Why security engineers need a new approach to identify business logic flaws

In the last decade, security scanners have evolved to identify common vulnerabilities like SQL injections. But that’s just not enough anymore. In 2024, data leaks in applications come from exploiting business logic flaws. In the next few years, applications will grow in size and number too fast, so the

Introducing Escape rules - Rules that adapt for you

Product updates

Introducing Escape rules - Rules that adapt for you

Today, we’re launching customization improvements to Escape’s automated testing capabilities. With Escape Rules, you can now write custom security tests that do not require any maintenance and adapt to each newly discovered API and each new version of your existing APIs. 💡Want to learn how to write custom

Sensitive data exposure: How to prevent it and where do we stand in 2024

Sensitive data exposure: How to prevent it and where do we stand in 2024

Do you fully grasp the magnitude of sensitive data exposure? It stands as one of the most prevalent and menacing threats to organizational security in 2024. Picture any information quintessential to an individual's or a company's identity and safety - personal, financial, health, or trade secrets.

How to secure your API secret keys from being exposed?

How to secure your API secret keys from being exposed?

Learn about the dangers of API secret key exposure and discover our selection of prevention strategies.

API security for PCI compliance: A deep dive into the PCI DSS 4.0 impact

API security for PCI compliance: A deep dive into the PCI DSS 4.0 impact

There are more than 50 new requirements in PCI DSS v4.0 – do you know which ones apply to you and what you need to do to meet them?  The March deadline is approaching, and we want to ensure you're fully prepared for the changes ahead. The deadline

How to secure gRPC APIs

How to secure gRPC APIs

Looking for ways to secure gRPC APIs? Don't worry, we've got you covered! In this article, we will be exploring the topic of gRPC security and its importance in ensuring the security of API endpoints. We will also discuss the role of dynamic application security testing

Understanding Broken Object Level Authorization (BOLA) Vulnerability in API Security

Understanding Broken Object Level Authorization (BOLA) Vulnerability in API Security

Want to know how to secure your applications? You're in the right place. In this article, we will discuss a critical vulnerability that ranks number one in the OWASP API top 10 2023 - Broken Object Level Authorization, also known as BOLA. We will explore the concept of

How to secure APIs built with FastAPI: A complete guide

How to secure APIs built with FastAPI: A complete guide

Want to know how to secure your APIs built with FastAPI? Dive into our latest blog post, where we guide you through the best practices for FastAPI security.

API gateway security: 8 best practices

API Gateway Security

API gateway security: 8 best practices

Are your API gateways well secured? If you have doubts, then they are not. API gateways play a large role in securing the flow of data between clients and backend services. But with the surge in API adoption (nearly 90% of developers are using APIs) and the increasing sophistication of

Laravel SQL injection guide: Practical examples included

Laravel SQL injection guide: Practical examples included

Want to know how to protect your Laravel applications? Dive into our latest blog post, where we guide you through the best practices for Laravel security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

Methodology: How we discovered over 18,000 API secret tokens

Methodology: How we discovered over 18,000 API secret tokens

Hey there! It's just the beginning of the year, but our security research team has been working hard to identify current API security challenges. So for the Escape team, January went under the tagline "API secret sprawl" (we thought it was more fun than"Dry

Best Django security practices

Django security

Best Django security practices

Learn to secure your Django applications effectively with our expert hands-on tutorial.

How to secure APIs built with Express.js

How to secure APIs built with Express.js

Want to know how to secure your Express.js APIs? Dive into our latest blog post, where we guide you through the best practices for Express.js security.

How to build secure APIs with Ruby on Rails: Security guide

How to build secure APIs with Ruby on Rails: Security guide

Are your Ruby on Rails APIs as secure as they could be? In today's world, where digital security is no longer an option, ensuring the robustness of your APIs is crucial. If you find yourself uncertain when attempting to answer this question, then this guide is for you.

Webinar: Best Practices for API security

Webinar: Best Practices for API security

Learn the ins and outs of keeping your APIs secure.