Best Practices - Escape - The API Security Blog

An Analysis of Kuppinger Cole’s Selection Criteria for API Management and Security

Discover how Escape fits the Kuppinger Cole selection criteria of API Management and Security Solutions.

How to build secure APIs with Ruby on Rails: Security guide

Are your Ruby on Rails APIs as secure as they could be? In today's world, where digital security is no longer an option, ensuring the robustness of your APIs is crucial. If you find yourself uncertain when attempting to answer this question, then this guide is for you.

API Security

10 best practices to secure your Spring Boot applications

Explore the top 10 Spring Boot security best practices from the Escape team to secure your Java web applications efficiently.

API Security

ASP.NET security best practices

Curious about the key strategies to ensure the security and reliability of your ASP.NET applications, including building APIs? Dive into our latest blog post, where we guide you through ASP.NET security best practices. Explore how these practices can not only enhance the security of your web applications but

Best Practices

CSRF vs XSS: What is the difference?

Web safety matters. XSS is like sneaky bad notes, while CSRF tricks sites as if it's you. Both misuse website trust. We'll explore how they work and how to protect sites, including using CSRF tokens. Learn about online security with us!

GraphQL

What are Insecure Direct Object References (IDOR) in GraphQL, and how to fix them

As developers, ensuring the security of our applications is crucial. Insecure Direct Object References (IDOR) are common security vulnerabilities that occur when a system's internal implementation is exposed to users, allowing them to manipulate references to access unauthorized data. GraphQL, a powerful data query and manipulation language for

GraphQL Vulnerability

Demystifying GraphQL Security: A Comprehensive Guide to Introspection

Whether or not to disable introspection has been a common debate among GraphQL developers since its inception. In this blog post, we will explain why completely disabling introspection is not necessary and why it can be counterproductive. I can't really find any good reasons for blocking/removing #GraphQL

Research

The State of Public APIs 2023

tl;dr we scanned 6056+ public APIs on the internet with our in-house feedback driven exploration tech and ranked them using security, performance, reliability, and design criteria. We decided to analyze the resulting data and produce a full featured report: The State of Public APIs 2023 Why build this report?

Best Practices

GraphQL errors: the Good, the Bad and the Ugly

Managing GraphQL errors can be quite a challenging task, and we tried a lot of different approaches over time. Keep reading to know what we've learned along the way.

Best Practices

GraphQL Error Handling Best Practices for Security

Error messages in GraphQL are rarely seen as a security concern, yet they should. The risk? Leaking information and data! Learn more about GraphQL errors and how to handle them.

AppSec

9 GraphQL Security Best Practices

GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐

DevSecOps

Top 7 DevSecOps Best Practices

DevSecOps aims at integrating security inside the development process. It can be hard to know where to start. In this article, learn the best practices to implement DevSecOps in your engineering teams.

Tutorial

Guide to handling relational databases with Prisma, NestJS and GraphQL

This articles presents a basic GraphQL application illustrating our methods and guidelines for producing backend code.