Tagged

Application Security

A collection of 78 posts

API Security

Escape vs Noname Security (recently acquired by Akamai)

Discover how Escape helps implementing API Security faster and with lower overhead than traffic-based solutions like Noname Security.

API Discovery

How Escape’s agentless API discovery technology works

Discover what makes Escape's agentless API discovery technology truly innovative.

API Security

Reinventing API security: Why Escape is better than traditional DAST tools

We have been doing API Security wrong. Discover how the limitations of DAST API security tools might impact your security and why Escape's technology is the best way to protect your APIs.

API Security

Reinventing API security: Why Escape is better than traditional traffic-based tools

We have been doing API Security wrong. Discover how the limitations of traffic-based API security tools might impact your security and why Escape's agentless technology is the best way to protect your APIs.

API Security

The State of GraphQL Security 2024

Insights from 13,000 GraphQL API issues: Read our deep dive into the current state of GraphQL security.

API Security

Introducing the API Threat Landscape, a new resource for API security researchers

Since 2022, Escape's security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed insights into primary attack vectors, threat actors, tools, and techniques. The database is updated every two weeks.

API Security

Limitations of current automatic specification generation tools

Have you ever wondered how automatic specification generation can streamline API security scanning? By significantly reducing the manual effort involved in creating and maintaining API specifications, automated tools offer clear benefits in terms of scan accuracy and setup time. Yet, many existing tools on the market have notable limitations. Understanding

Webinar recap

Webinar recap: How to build relationships with developers?

Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed in a security context.

Application Security

How to secure non-human identities? with Andrew Wilder and Amir Shaked

This blog is based on our conversation with Andrew Wilder, Retained Chief Security Officer at Community Veterinary Partners and Amir Shaked, VP of R&D at Oasis Security. It covers the unique challenges of securing non-human identities.

Application Security

The Elephant in AppSec Conference is here!

Get ready for some opinionated talks.

Application Security

Software Supply Chain Risks ⎪Cassie Crossley (VP Supply Chain Security, Schneider Electric)

This blog is based on our conversation with Cassie Crossley, Vice President of Supply Chain Security at Schneider Electric. It covers the unique challenges of software supply chain security.

Webinar

Webinar: How to build relationships with developers

Are you a security leader struggling to connect meaningfully with your developers? Join our guest expert, Dustin Lehr, to learn how to earn developers' respect, introduce gamification, and get issues fixed.

Podcast

Security challenges in the financial sector⎪Max Imbiel (CISO, Bitpanda)

This blog is based on the podcast episode with Max Imbiel, CISO at Bitpanda. It covers the unique challenges of building secure financial applications.

DAST

We benchmarked DAST products, and this is what we learned

When we started, we wanted to understand how to validate the quality of Escape's scanner findings and be able to benchmark them. Dynamic application scanning solutions are notorious for not being able to scan complex vulnerabilities, specifically the business logic vulnerabilities, and other deficiencies, and even though we

API Security

DAST is dead, why Business Logic Security Testing takes center stage

“DAST is dead”—that’s the phrase that appears every year on social media and in cybersecurity newsletters. But what if in 2024, it finally came true? DAST, Dynamic Application Security Testing (even though we see a new terminology “Dynamic API Security Testing” popping up here and there within the

API Inventory

API Inventory: New features and improvements

With our updates to API discovery and inventory, you gain even more capabilities to easily achieve complete governance.

Custom Security Tests

Are custom security tests a product security superpower? ⎜Keshav Malik (LinkedIn)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. In this article, we'll cover the main takeaways from our conversation with Keshav Malik, a senior Product Security Engineer at LinkedIn. Our goal is to help you understand

Application Security

How to secure cloud-native applications

This article is based on the Elephant in AppSec podcast episode with Mihir Shah, a Senior Staff Application Security Engineer at ForgeRock, and the author of the Cloud Native Software Security Handbook.

API Discovery

The challenges and opportunities of API governance in 2024

Learn more about the concept of API sprawl, its implications, and the challenges and importance of API governance.

API Security

Workshop "How to write custom security tests" - Main Takeaways

Organizations are constantly seeking ways to improve their defenses against business logic vulnerabilities. These vulnerabilities, often difficult to detect, can lead to significant security breaches if left unchecked. To address this challenge, we've introduced a new feature within our platform that empowers teams to create custom business logic

API Security

Why security engineers need a new approach to identify business logic flaws

In the last decade, security scanners have evolved to identify common vulnerabilities like SQL injections. But that’s just not enough anymore. In 2024, data leaks in applications come from exploiting business logic flaws. In the next few years, applications will grow in size and number too fast, so the

Podcast

The art and science of product security: A deep dive with Jacob Salassi

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Jacob Salassi, join us. You can find the main takeaways from our conversation with Jacob just down below! Jacob's

Application Security

Building security training for developers in 2024: Is it really worth it and how to proceed?

If you're a security engineer, the chances that you've struggled with your development team to implement secure coding practices are high. If you don't have the right culture in your organization, it might be even harder. Developers consider you as an adversary, rather than

API Security

How to secure your API secret keys from being exposed?

Learn about the dangers of API secret key exposure and discover our selection of prevention strategies.

Podcast

Developers and security training: can they co-exist?⎜Laura Bell Main

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re excited to have an amazing guest, Laura Bell Main, join us. With over 20 years in software development and application security, Laura is the co-founder and CEO