Tag: API Security
Hey there 👋 We’ve got some exciting news to share with you today!
We’re thrilled to introduce you to our brand-new API security testing assistant: the GPT Bot “API Guardian”.
Are you tired of spending endless hours proactively looking for the best practices to test and secure APIs? Well, your search is over! Our GPT Bot is here to simplify and streamline the entire process for you.
What is the GPT Bot, and how can it...
Are you looking to make your API security program stronger? Do you sometimes find it challenging to spot and address security vulnerabilities effectively? You’re not alone! Many security professionals like you face challenges in improving API security because technology and cyber threats keep changing. This makes ensuring strong API security a complex but vital task.
This checklist can help. You can use these guidelines to improve your API security posture. Feel free to adapt...
The explosive growth of APIs over the last few years has resulted in an increasing number of potential vulnerabilities. Hackers continue to exploit them, most of the time not ethically. This trend is especially alarming for sensitive domains like healthcare, banking, or government, but it is also quickly affecting other areas. Making sure APIs stay secure requires not only a lot of technical effort but organizational effort as well.
But before securing APIs, we need...
You’ve probably come across terms like API Catalog, API Portal, API Gateway… and found yourself scratching your head, thinking, what kind of tech magic is this? Are you feeling lost amidst these buzzwords that everyone seems to be throwing around? If you want to catch up, grasp these concepts, and determine which solution suits your needs, you’ve landed in the right spot!
Note: We will be using the term API Catalog as a generic...
Web application security is a big topic, and two terms you might hear often are XSS and CSRF. They both point to ways websites can be attacked, even though they work differently. To break it down simply:
XSS stands for Cross-site scripting. It’s like someone sneaking a message into a conversation.
CSRF, or Cross-site request forgery, is like someone pretending to be you to trick others.
Though they have different ways of causing trouble, they do...
Why API security is crucial in 2023
Welcome to 2023! API security is crucial as technology advances and APIs’ usage expands.
Just visualize this – hackers, day in and day out, keenly seeking out weak spots in API implementations. Their goal? Some people may aim to cause chaos by disabling essential services, while others may attempt to make a quick fortune. As we increasingly rely on APIs for functions such as handling financial transactions or...
The API Security Academy is built upon a technology that comes straight from the future—and by that, we mean the brilliant minds at StackBlitz—WebContainers. You may already know regular containers, the ones you can run with Docker and Kubernetes, which are lightweight virtualization units that allow developers to package and run applications in isolated containers. WebContainers are containers that run directly in the browser, pre-charged with a shell and Node.js. You may run...
Learning about GraphQL security is now more accessible than ever! We’re excited to introduce the API Security Academy, developed by the Escape team.
Escape’s API Security Academy is a free and open-source collection of interactive challenges that will teach you how to secure your GraphQL applications. The challenges are designed to be fun and engaging, and they will help you learn the following:
How to identify and mitigate security vulnerabilities in GraphQL applications
How to apply...
The world is moving further into a phase of individual ownership of data and digital assets without external interference. This metamorphosis of the web is commonly called Web3. It combines frontend technology, smart contracts, and other components of backend technology, such as indexing, querying, and database management. Smart contracts, a vital by-product (or a feature) of Web3, are at the core of many use cases.
Initially, interacting with smart contracts without an interface was...
tl;dr After a year and a half of approaching API security through the lens of GraphQL, we are proud to introduce beta support for REST API Security Testing in Escape, in addition to GraphQL. You can register for the beta using this link.
You like us on GraphQL. You will love us on REST.
It’s been a ride since Escape’s public release of our GraphQL Security Platform last September. Without a dollar spent in marketing,...