API security
Three API security risks in the wake of the Facebook breach
Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted …
State-sponsored actors may have abused Twitter API to de-anonymize users
A Twitter API that’s intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to …
Security pitfalls to avoid when programming using an API
OWASP’s API Security Project has released the first edition of its top 10 list of API security risks. The most common and perilous API security risks API abuse is an …
Transact with trust: Improving efficiencies and securing data with APIs
Developments in integration and APIs have provided businesses with huge benefits. Together, they provide businesses with newfound opportunity to unlock new revenue sources by …
Imperva explains how their recent security incident happened
In late August, Imperva suffered a security incident, resulting in the compromise of sensitive information of some of their Cloud WAF customers. On Thursday, Imperva CTO Kunal …
Make sure you keep an eye on your APIs
Application programming interfaces have always been important gateways to our applications, but in recent years, they’ve silently become both more prevalent and more central …
Serverless, shadow APIs and Denial of Wallet attacks
In this Help Net Security podcast, Doug Dooley, Chief Operating Officer at Data Theorem, discusses serverless computing, a new area that both DevOps leaders and enterprise …
Fighting credential stuffing attacks is an uphill battle
Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, …
Modern browser APIs can be abused for hijacking device resources
Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of …
Another API bug spurs Google to ditch consumer Google+ sooner than planned
Google has unearthed another Google+ API bug, which prompted it to accelerate the sunsetting of all Google+APIs and that of the consumer version of Google+. The API bug The …
Countering threats: Steps to take when developing APIs
High profile data breaches resulting from faulty APIs continue to make headlines. In the last few months alone, T-Mobile’s data breach resulted in hackers stealing personal …
Bring visibility to shadow APIs and ensure that security standards are being met
Last week Data Theorem introduced the industry’s first automated API discovery and security inspection solution aimed at addressing API security threats introduced by today’s …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)