Application Security - Escape - The API Security Blog

DAST is dead, why Business Logic Security Testing takes center stage

“DAST is dead”—that’s the phrase that appears every year on social media and in cybersecurity newsletters. But what if in 2024, it finally came true? DAST, Dynamic Application Security Testing (even though we see a new terminology “Dynamic API Security Testing” popping up here and there within the

API Inventory

API Inventory: New features and improvements

With our updates to API discovery and inventory, you gain even more capabilities to easily achieve complete governance.

Custom Security Tests

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. In this article, we'll cover the main takeaways from our conversation with Keshav Malik, a senior Product Security Engineer at LinkedIn. Our goal is to help you understand

Application Security

How to secure cloud-native applications

This article is based on the Elephant in AppSec podcast episode with Mihir Shah, a Senior Staff Application Security Engineer at ForgeRock, and the author of the Cloud Native Software Security Handbook.

API Governance

The challenges and opportunities of API governance in 2024

Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.

API Security

Workshop "How to write custom security tests" - Main Takeaways

Organizations are constantly seeking ways to improve their defenses against business logic vulnerabilities. These vulnerabilities, often difficult to detect, can lead to significant security breaches if left unchecked. To address this challenge, we've introduced a new feature within our platform that empowers teams to create custom business logic

API Security

Why security engineers need a new approach to identify business logic flaws

In the last decade, security scanners have evolved to identify common vulnerabilities like SQL injections. But that’s just not enough anymore. In 2024, data leaks in applications come from exploiting business logic flaws. In the next few years, applications will grow in size and number too fast, so the

Podcast

The art and science of product security: A deep dive with Jacob Salassi

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Jacob Salassi, join us. You can find the main takeaways from our conversation with Jacob just down below! Jacob's

Application Security

Building security training for developers in 2024: Is it really worth it and how to proceed?

If you're a security engineer, the chances that you've struggled with your development team to implement secure coding practices are high. If you don't have the right culture in your organization, it might be even harder. Developers consider you as an adversary, rather than

API Security

How to secure your API secret keys from being exposed?

Learn about the dangers of API secret key exposure and discover our selection of prevention strategies.

Podcast

Developers and security training: can they co-exist?⎜Laura Bell Main

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re excited to have an amazing guest, Laura Bell Main, join us. With over 20 years in software development and application security, Laura is the co-founder and CEO

API Security

API security for PCI compliance: A deep dive into the PCI DSS 4.0 impact

There are more than 50 new requirements in PCI DSS v4.0 – do you know which ones apply to you and what you need to do to meet them?  The March deadline is approaching, and we want to ensure you're fully prepared for the changes ahead. The deadline

API Security

How to secure gRPC APIs

Looking for ways to secure gRPC APIs? Don't worry, we've got you covered! In this article, we will be exploring the topic of gRPC security and its importance in ensuring the security of API endpoints. We will also discuss the role of dynamic application security testing

Podcast

AppSec vendors and CISOs: a love-hate relationship? ⎜Olivia Rose

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're joined by an amazing guest, Olivia Rose. Olivia is an executive leader with more than 20 years of dedicated experience, having served as the former CISO

API Security

How to secure APIs built with FastAPI: A complete guide

Want to know how to secure your APIs built with FastAPI? Dive into our latest blog post, where we guide you through the best practices for FastAPI security.

Application Security

4 lessons from recent application security case studies

Every organization, no matter how big or small, if it's dependent on the software (which is impossible not to be in the modern world), must prioritize software security. Interested in enhancing yours? Want to know how real-world application security challenges are tackled? Let's get straight to

API Security

Methodology: How we discovered over 18,000 API secret tokens

Hey there! It's just the beginning of the year, but our security research team has been working hard to identify current API security challenges. So for the Escape team, January went under the tagline "API secret sprawl" (we thought it was more fun than"Dry

Podcast

Security training: Necessary investment or overrated expense?⎥Mel Reyes (Global CEO, CIO, CISO, & CTO with 30 years of experience)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re excited to have an amazing guest, Mel Reyes, join us. Mel has navigated through two IPOs and three M&As, worked with several startups, Pepsi and

Django security

Best Django security practices

Learn to secure your Django applications effectively with our expert hands-on tutorial.

API Security

How to secure APIs built with Express.js

Want to know how to secure your Express.js APIs? Dive into our latest blog post, where we guide you through the best practices for Express.js security.

Podcast

What is ASPM: A breakdown of the current state and its future⎥James Berthoty (Security at PagerDuty)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, James Berthoty, joining us. James has been in technology for over 10 years across engineering and security. An early advocate

API Security

How to build secure APIs with Ruby on Rails: Security guide

Are your Ruby on Rails APIs as secure as they could be? In today's world, where digital security is no longer an option, ensuring the robustness of your APIs is crucial. If you find yourself uncertain when attempting to answer this question, then this guide is for you.

Flask security

Best practices to protect your Flask applications

Want to know how to protect your Flask applications? Dive into our latest blog post, where we guide you through the best practices for Flask security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

API Security

Webinar: Best Practices for API security

Learn the ins and outs of keeping your APIs secure.

Podcast

SCADA systems: How secure are the systems running our infrastructure?⎥Malav Vyas (Security Researcher at Palo Alto Networks)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, Malav Vyas, joining us. Malav is a security researcher at Palo Alto Networks, passionate about exploiting and securing systems. Security