API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.

From the APISecurity.io Twitter

A Broken Object-Level Authorization (#BOLA/#IDOR) vulnerability in #Facebook's GraphQL API allowed anyone to change someone else's page URL and then take over the old one. See detailed report by @mvinni_:
https://bugreader.com/marcos@change-the-username-for-any-facebook-page-219

Remember our anniversary raffle last week: https://apisecurity.io/issue-100-api-security-advice-top-industry-experts/? We are happy to announce the winner - @alexz4nder. Congratulations! And huge thanks to all our contributors and readers, and especially to everyone helping spread the word!

API Security weekly #101. Stories by @evstykas / @PenTestPartners, @epereiralopez, @wk057 & @FredericLambert / @ElectrekCo, @swaysThinking, @jon_bottarini, @ms__chief / @DI_Security, @DSotnikov / @devopsworldconf, @caseysoftware, @approov_io, @isamauny
https://apisecurity.io/issue-101-vulnerabilities-giggle-google-cloud-platform-sonicwall-new-relic-tesla/

Confused by the layers and alternatives of API security? Attend September 24 webinar "OAuth, OWASP, Gateways and Meshes - Oh my!" by Keith Casey (@caseysoftware / @okta), David Stewart (@approov_io) and Isabelle Mauny (@isamauny / @42crunch).
https://us02web.zoom.us/webinar/register/WN_YvcIjmzxTn-ulyMJWgHu5w

If you are using @jenkinsci make sure to attend next week's virtual @devopsworldconf conference: Sept 22-24. 57 sessions are security-related, and there's one specifically on APIs: "Using Jenkins Pipeline and DevSecOps for API Security" by @DSotnikov
https://sessions.devopsworld.com/sessions?p1=eyJzcGVha2VyIjpbXSwidGltZXNsb3QiOltdLCJkYXkiOltdLCJyb29tIjpbXSwibG9jYXRpb24iOltdLCJzdGFydCI6IiIsImZpbmlzaCI6IiIsInBhZ2VudW1iZXIiOjEsImNhdGVnb3JpZXMiOnt9LCJrZXl3b3JkIjoic290bmlrb3YifQ%3D%3D