API security

Understanding the basics of API security
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in …

Most credential abuse attacks against the financial sector targeted APIs
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. …

Three API security risks in the wake of the Facebook breach
Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted …

State-sponsored actors may have abused Twitter API to de-anonymize users
A Twitter API that’s intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to …

Security pitfalls to avoid when programming using an API
OWASP’s API Security Project has released the first edition of its top 10 list of API security risks. The most common and perilous API security risks API abuse is an …

Transact with trust: Improving efficiencies and securing data with APIs
Developments in integration and APIs have provided businesses with huge benefits. Together, they provide businesses with newfound opportunity to unlock new revenue sources by …

Imperva explains how their recent security incident happened
In late August, Imperva suffered a security incident, resulting in the compromise of sensitive information of some of their Cloud WAF customers. On Thursday, Imperva CTO Kunal …

Make sure you keep an eye on your APIs
Application programming interfaces have always been important gateways to our applications, but in recent years, they’ve silently become both more prevalent and more central …

Serverless, shadow APIs and Denial of Wallet attacks
In this Help Net Security podcast, Doug Dooley, Chief Operating Officer at Data Theorem, discusses serverless computing, a new area that both DevOps leaders and enterprise …

Fighting credential stuffing attacks is an uphill battle
Hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year, making retail the most targeted segment studied, …

Modern browser APIs can be abused for hijacking device resources
Powerful capabilities of modern browser APIs could be misused by attackers to take control of a site visitor’s browser, add it to their botnet, and use it for a variety of …

Another API bug spurs Google to ditch consumer Google+ sooner than planned
Google has unearthed another Google+ API bug, which prompted it to accelerate the sunsetting of all Google+APIs and that of the consumer version of Google+. The API bug The …
Featured news
Resources
Don't miss
- Digital sovereignty becomes a matter of resilience for Europe
- Storm-2603 spotted deploying ransomware on exploited SharePoint servers
- CISO New York 2025 brings together top cybersecurity leaders
- Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
- Autoswagger: Open-source tool to expose hidden API authorization flaws