API Security - Escape - The API Security Blog

The State of GraphQL Security 2024

Insights from 13,000 GraphQL API issues: Read our deep dive into the current state of GraphQL security.

Introducing the API Threat Landscape, a new resource for API security researchers

Since 2022, Escape's security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed insights into primary attack vectors, threat actors, tools, and techniques. The database is updated every two weeks.

API Security

Limitations of current automatic specification generation tools

Have you ever wondered how automatic specification generation can streamline API security scanning? By significantly reducing the manual effort involved in creating and maintaining API specifications, automated tools offer clear benefits in terms of scan accuracy and setup time. Yet, many existing tools on the market have notable limitations. Understanding

Product updates

Vulnerabilities prioritization funnel: Focus on what matters

We are excited to announce updates to our vulnerability prioritization funnel, which will help you focus on vulnerabilities that pose a real danger to your business.

DAST

We benchmarked DAST products, and this is what we learned

When we started, we wanted to understand how to validate the quality of Escape's scanner findings and be able to benchmark them. Dynamic application scanning solutions are notorious for not being able to scan complex vulnerabilities, specifically the business logic vulnerabilities, and other deficiencies, and even though we

GraphQL Security

How to secure GraphQL APIs: challenges and best practices

GraphQL APIs, while offering robust features and flexibility, present unique security challenges compared to traditional REST APIs. This article delves into the complexities of securing GraphQL APIs, highlighting common vulnerabilities and providing a comprehensive guide to best practices for building secure GraphQL apps. A visual learner? Check out our latest

API Security

DAST is dead, why Business Logic Security Testing takes center stage

“DAST is dead”—that’s the phrase that appears every year on social media and in cybersecurity newsletters. But what if in 2024, it finally came true? DAST, Dynamic Application Security Testing (even though we see a new terminology “Dynamic API Security Testing” popping up here and there within the

API Security

Escape's proprietary Business Logic Security Testing algorithm: what makes it innovative

Testing APIs for Business Logic vulnerabilities is hard. Actually, this is a mission that old-school DAST solutions like ZAP (formerly OWASP ZAP) cannot handle. I'm Antoine Carossio, passionate about Computer Science for more than 15 years now and cofounder & CTO of Escape. With my team, we'

Product updates

DAST Scanner: New features and improvements

We are excited to announce the updates to our DAST scanner, helping you achieve improved performance and obtain better results when testing your APIs.

API Security

[Webinar] How to secure GraphQL

Join Uri Goldshtein and Tristan Kalos for a webinar on GraphQL security and learn to secure your GraphQL APIs.

Custom Security Tests

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. In this article, we'll cover the main takeaways from our conversation with Keshav Malik, a senior Product Security Engineer at LinkedIn. Our goal is to help you understand

API Governance

The challenges and opportunities of API governance in 2024

Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.

API Security

[Fireside Chat] API sprawl: Understanding the growing challenge of 2024 and how to navigate it

Hey there 👋 Join Bill Doerrfeld, tech journalist and Editor-in-Chief at the Nordic APIs blog, Erik Wilde, OAI Ambassador at the OpenAPI Initiative, and Antoine Carossio, CTO and co-founder at Escape, for a fireside chat on the challenges of API sprawl. Sign me up! During this live discussion, they will explore:

API Security

Escape vs Burp Suite Enterprise

Today, attackers prioritize exploiting an application's business logic flaws and API vulnerabilities, which may result in the unauthorized extraction of sensitive data. Understanding an application's business logic is challenging, and requires a security platform that comprehends an application's functionalities to address complex API attacks.

API Security

Workshop "How to write custom security tests" - Main Takeaways

Organizations are constantly seeking ways to improve their defenses against business logic vulnerabilities. These vulnerabilities, often difficult to detect, can lead to significant security breaches if left unchecked. To address this challenge, we've introduced a new feature within our platform that empowers teams to create custom business logic

API Security

Why security engineers need a new approach to identify business logic flaws

In the last decade, security scanners have evolved to identify common vulnerabilities like SQL injections. But that’s just not enough anymore. In 2024, data leaks in applications come from exploiting business logic flaws. In the next few years, applications will grow in size and number too fast, so the

Product updates

Introducing Escape rules - Rules that adapt for you

Today, we’re launching customization improvements to Escape’s automated testing capabilities. With Escape Rules, you can now write custom security tests that do not require any maintenance and adapt to each newly discovered API and each new version of your existing APIs. 💡Want to learn how to write custom

API Security

Sensitive data exposure: How to prevent it and where do we stand in 2024

Do you fully grasp the magnitude of sensitive data exposure? It stands as one of the most prevalent and menacing threats to organizational security in 2024. Picture any information quintessential to an individual's or a company's identity and safety - personal, financial, health, or trade secrets.

API Security

How to secure your API secret keys from being exposed?

Learn about the dangers of API secret key exposure and discover our selection of prevention strategies.

API Security

API security for PCI compliance: A deep dive into the PCI DSS 4.0 impact

There are more than 50 new requirements in PCI DSS v4.0 – do you know which ones apply to you and what you need to do to meet them?  The March deadline is approaching, and we want to ensure you're fully prepared for the changes ahead. The deadline

API Security

How to secure gRPC APIs

Looking for ways to secure gRPC APIs? Don't worry, we've got you covered! In this article, we will be exploring the topic of gRPC security and its importance in ensuring the security of API endpoints. We will also discuss the role of dynamic application security testing

API Security

Understanding Broken Object Level Authorization (BOLA) Vulnerability in API Security

Want to know how to secure your applications? You're in the right place. In this article, we will discuss a critical vulnerability that ranks number one in the OWASP API top 10 2023 - Broken Object Level Authorization, also known as BOLA. We will explore the concept of

API Security

How to secure APIs built with FastAPI: A complete guide

Want to know how to secure your APIs built with FastAPI? Dive into our latest blog post, where we guide you through the best practices for FastAPI security.

API Gateway Security

API gateway security: 8 best practices

Are your API gateways well secured? If you have doubts, then they are not. API gateways play a large role in securing the flow of data between clients and backend services. But with the surge in API adoption (nearly 90% of developers are using APIs) and the increasing sophistication of

API Security

Laravel SQL injection guide: Practical examples included

Want to know how to protect your Laravel applications? Dive into our latest blog post, where we guide you through the best practices for Laravel security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In