The API Secret Sprawl 2024

How we discovered over 18,000 API secret tokens by analyzing 1M domains on the web

State of GraphQL Security 2023

What scanning 1500+ endpoints has told us about securing GraphQL in production...

State of Public APIs 2023

Analysis of the design, performance and security of 6000+ Public APIs

API Security Checklist

Are you looking to make your API security program stronger? Our API Security Checklist is here to help.

OWASP TOP 10 checklist

Discover the latest insights into the 2023 OWASP API Security Top 10.

DevSecOps checklist

Learn the best practices to implement DevSecOps in your engineering teams.

How Lightspeed ensures full security compliance with Escape

Discover how Lightspeed, the unified point of sale and payments platform, maintains security compliance.

How Escape enhanced Shine's application security

Discover the transformative impact of Escape on the API security of Shine, an online bank for professionals.

How Thinkific has achieved enterprise-grade GraphQL security

Discover the challenges Thinkific faced and how they achieved enterprise-grade GraphQL security with Escape.

GraphQL Security

A free tool that runs a dozen common security tests on a given GraphQL endpoint.

GraphQL Armor

A middleware for JS servers that adds a security layer to a GraphQL endpoint in minutes.

OpenAPI Security

A free tool that runs a dozen common security tests on a given REST API using its OpenAPI specification.

ChatGPT Security

A free tool that runs a dozen common security tests on a given OpenAI ChatGPT Plugin using its manifest.

GPT Security Bot

Learn more about testing and securing APIs with the help of our GPT bot.

Is Gen AI your new AppSec weapon? with Sandesh Mysore Anand

Learn how we challenged Sandesh on whether Gen AI can actually supercharge your AppSec program and what a potential shift in the skillset requirements for AppSec engineers would look like in the future.

Security training: necessary investment or overrated expense with Mel Reyes

Discover Mel's insights on whether investment in security training within organizations is truly justified.

What is ASPM: A breakdown of the current state and its future with James Berthoty

Explore what ASPM is, what's wrong with its current state, what's missing from Gartner's perspective, and what ASPM might look like in the future.

SCADA systems: How secure are the systems running our infrastructure? with Malav Vyas

Explore whether APIs introduce more security risks than benefits to SCADA systems, how hard it is to secure SCADA, and key future challenges.

Threat modeling: the future of cybersecurity or another buzzword with Derek Fisher

We discussed how to do threat modeling right (and wrong), what’s wrong with its current state, and what its future might look like.

Security experience: top-down vs bottom-up with Jeevan Singh

Throughout our talk, we had a chance to challenge Jeevan on his vision, opinions, and ask some "spicy" questions!

Lack of effective DAST tools with Aleksandr Krasnov

Our first episode with Aleksandr Krasnov, the principal security engineer at Meta, who challenges the effectiveness of existing DAST tools with us.

Workshop: How to write custom security tests for your APIs

Learn how to set up rules for various API vulnerabilities or write them based on bug bounty or pentesting reports.

Webinar: Best practices for API security

Join Tristan Kalos at our webinar with GitGuardian to learn the ins and outs of keeping your APIs secure.

Webinar: Building your product security roadmap

In-depth recap of our hands-on product security webinar with James Berthoty—gather the best knowledge and insights!

Looking for hands-on training?

We’ve got you covered. Join our API Security Academy and learn how to secure your GraphQL applications with free and interactive online modules.
Features

More knowledge, more secure software

Expand your security horizons.

Unlock your path to success

Securing your APIs isn’t easy, but we’ve got your back. We’re here to help your security team stay ahead of the curve and remediate vulnerabilities faster.