API Security - Escape - The API Security Blog

What are API attacks, and how to prevent them?

Explore common API attacks, understand their significant risks, and learn how to prevent them.

API Catalog & API Portal: A handbook of everything you should know

Discover the importance of API catalogs, their differences from API portals & gateways, and how to ensure optimal API management and security.

Best Practices

CSRF vs XSS: What is the difference?

Web safety matters. XSS is like sneaky bad notes, while CSRF tricks sites as if it's you. Both misuse website trust. We'll explore how they work and how to protect sites, including using CSRF tokens. Learn about online security with us!

API Security

The API Security Academy: Under the Hood

The API Security Academy is built upon a technology that comes straight from the future—and by that, we mean the brilliant minds at StackBlitz—WebContainers. You may already know regular containers, the ones you can run with Docker and Kubernetes, which are lightweight virtualization units that allow developers to

GraphQL

API Security Academy: a smarter way to learn GraphQL security

Learning about GraphQL security is now more accessible than ever! We're excited to introduce the API Security Academy, developed by the Escape team. Escape's API Security Academy is a free and open-source collection of interactive challenges that will teach you how to secure your GraphQL applications. The challenges are designed

Web3 Security

Top 5 Web3 security breaches: A deep dive into DApp frontend and API vulnerabilities

The world is gearing more into a phase of individual ownership of data and digital assets without external interference. This metamorphosis of the web is commonly called Web3. It combines frontend technology, smart contracts, and other components of backend technology, such as indexing, querying, and database management. Smart contracts, a

API Security

Introducing business logic security testing for REST APIs

tl;dr After one year and a half of approaching API security through the lenses of GraphQL, we are proud to introduce beta support for REST API Security Testing in Escape, in addition to GraphQL. You can register for the beta using this link. You like us on GraphQL. You

Announcement

Escape raises $3.9 million in seed to secure APIs at every development stage

Official Press release * Six months after releasing its API security platform, Escape has already secured the applications of 1000+ organizations worldwide and just graduated from Y Combinator. * The funding will allow the company to hire new team members covering European and US-based customers, aiming to double the team’s size

GraphQL Vulnerability

Cross-Site Scripting (XSS) in GraphQL

Every Monday morning, you go through your ritual and check the users' feedback. This week, despite all the wonderful feedback, some users are complaining that someone has impersonated them and performed actions on their accounts without their knowledge. After some investigation, you discover that all the complaining users have each

GraphQL

Input Validation and Sanitization in GraphQL

Why input validation and sanitization are important in GraphQL? GraphQL allows you to identify the data and validate inputs based on type information. By default, GraphQL Specification has the Int, Float, String, Boolean and ID Scalar types. But as a conscious API developer, you've probably come across situations where user

GraphQL

Secure your GraphQL API within your CI/CD

Enhance CI/CD security with Escape GraphQL integration. Detect vulnerabilities early, prevent costly consequences, and turn DevOps into DevSecOps