mastodontech.de is one of many independent Mastodon servers you can use to take part in the fediverse.
Open to everyone (over 16) and provided by Markus'Blog


#apisecurity


What would you do if you discovered a #bug or #loophole that provided free lifetime service instead of the usual annual or monthly fees? I've been trying to reach out to the company for a year, sending emails and requesting contact with their #development or #security team, but I haven't received a response.

The #CEO is active on #X and #Meta, but I don't have accounts on those platforms, and I can't contact him directly anyway since DMs are disabled. Any suggestions?

The service still works after a year of using it.

🚀 New Brand Story from #RSAC2025: Runtime Protection at the New Digital Front Line

At #RSAC Conference 2025, Sean Martin, CISSP sat down with Rupesh Chokshi, Senior Vice President and GM of Application Security at Akamai Technologies, to talk about how AI-driven applications and #APIs are reshaping the security landscape.

🔐 Why are runtime attacks on APIs and #AI apps growing—and why is prevention alone no longer enough?

Find out how Akamai is evolving its Web Application and API Protection (#WAAP) strategies to meet these emerging threats head-on.

🎙️ Watch, listen, or read the full story here:
👉 itspmagazine.com/their-stories

ITSPmagazine · The New Front Line: Runtime Protection for AI and API-Driven Attacks | A Brand Story with Rupesh Chokshi from Akamai | An On Location RSAC Conference 2025 Brand Story — ITSPmagazine | Broadcasting Ideas. Connecting Minds.™
In this episode, Rupesh Chokshi of Akamai breaks down the surge in API and AI-driven threats and explains how Akamai’s new Firewall for AI helps CISOs manage risk without slowing innovation. With real-world data, sharp insights, and practical solutions, this episode is a must-listen.

🌐 The Digital Terrain Is Shifting — Are Your Apps and APIs Ready?

As AI adoption accelerates, so do AI-driven attacks.
In their new research report, Akamai Technologies uncovers the evolving threats facing web applications and APIs — and how organizations can respond before attackers get ahead.

State of Apps and API Security 2025: How #AI Is Shifting the Digital Terrain explores the sharp rise in automated, intelligent threats — and the new defenses emerging to meet them.

📥 Download the full report here: itspm.ag/akamaixmwd
📌 Research like this helps #security professionals, #leaders, and #developers stay ahead of the curve — and shape the future of #digital defense.

🎙️ We’re also proud to feature Akamai in our RSAC 2025 coverage — with a Brand Story recorded pre-event and a follow-up conversation happening on location at the conference in San Francisco with Rupesh Chokshi, Sean Martin, CISSP, and Marco Ciappelli.

Watch the pre-event recording here: youtu.be/DMm6INJ_2Z8

🙏 A huge thank you to the Akamai team for sponsoring our coverage and sharing their insights with our global audience.

👇 Check out the report and stay tuned for more from RSAC:

📥 Download the Report: itspm.ag/akamaixmwd
🌐 Explore our RSAC 2025 Coverage: itspmagazine.com/events/rsac-2

#akamai #rsac2025 #brandstory

"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.

Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.

There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.

Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.

Best Practices
Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."

nordicapis.com/9-signs-youre-d

Nordic APIs · 9 Signs You're Doing API Security Wrong | Nordic APIs | API security anti-patterns are common. From overreliance on API keys to a lack of rate limiting to no encryption, we explore the top ones.
#API #APIs #APISecurity

It was a packed house for the Graylog #BSidesROC Capture The Flag on Saturday! 🏠 🎉 Thank you to everyone who joined us for the fun and games. 🎮 💻 You are all amazing and, now, a little (or a lot!) more knowledgeable about #Graylog! 💡 It's a win-win. 😃 👏

And congrats to our challenge winners!
🏆 Grand prize winner — Tyler Smith
🎟️ Training voucher winner — Praveen Kumar Penukonda
🏅 Runner up — Gabriel Schickling

Wallarm Releases 2025 API ThreatStats Report, Revealing that APIs are the Predominant Attack Surface

buff.ly/4aEd2fo

"Wallarm's researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI's reliance on high-performance binary APIs."

Node.js Security in 2025: Best Practices and Threat Mitigation

bloggingaadd.com/nodejs-securi

Learn the best Node.js security practices for 2025 to protect your applications from evolving threats. Explore key strategies for threat mitigation, data protection, and secure coding.

#NodeJS
#CyberSecurity
#WebSecurity
#SecureCoding
#BackendDevelopment
#APISecurity
#TechTrends2025
#DataProtection
#SoftwareSecurity
#JavaScript
#SecureApps
#ThreatMitigation