API Security

APIs – Underpinning Modern Technologies to Popular Data Breaches

In today’s world, software is an essential piece driving digital transformation and business value for every enterprise. Microsoft CEO Satya Nadella not long ago said, “every company is a software company, every company is a digital organization”. At the crux of this transformation is the …

OWASP API Security Top 10 – Broken Object Level Authorization

Broken Object Level Authorization (BOLA) tops the list of OWASP Top 10 API Security threats because of its ease of exploitation, its potential for impact, and the difficulty of defending against this threat in an organized way. …

API Security Checklist: Secure API Design

Adopting a Shift-left Approach. Securing API endpoints is critical for securing applications. This requires security products to monitor a diverse and comprehensive set of components supporting the application. Some security products evaluate the behavior of application traffic, some focus on the post-development application code, and others look to embed …

Data Leaks When API Services Miscommunicate

How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration. Findadoctor.com Data Leakage: It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability …

Cybersecurity Mastermind Series — 4/9/20 — COVID-19

Getting Real with the CISO of The RealReal: Re-Prioritizing Budgets in a Post-Pandemic World. Last week, CloudVector hosted its first Cybersecurity Mastermind series, focused on the impact of COVID-19. More than a dozen CISOs, representing five different industries responsible for thousands upon thousands of employees moving to remote …

RSAC 2020 Survey — API Security Attitudes & Trends

CloudVector attended RSA Conference 2020 to exhibit in the Early Stage Expo, a specialized pavilion for up-and-coming cybersecurity vendors away from the hustle and bustle of the main show floor. The Early Stage Expo can only be accessed by RSA Attendees or those with Expo Plus …

Digging Deep to Defend Against Docker API Abuse

Another day, another API breach adds to the growing chorus against API vulnerabilities. The attack we speak about this time is targeting publicly exposed Docker APIs, leveraging the victim infrastructure for illegitimate cryptocurrency mining. Way to ruin Thanksgiving for Docker Admins, I say! In this blog, we …
