API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

Postmortem of the infamous @Facebook API breach compiled by @lfdodds based on the documents disclosed in the lawsuit. The original security flaw was known since Dec 2017 but was not prioritized; combined with 2 other issues, it led to the breach.

WordPress REST APIs got exposed & exploited by ThemeREX addons. One of its functions registered the API without verifying that the call was from an admin. The endpoint allows calls such as creating admin accounts. Fix available from @ThemeREX_net https://t.co/2cgMOclxHD via @wordfence

MIT researchers @mspecter, @jimmykoppel, and @djweitzner reported multiple issues in the @Voatz voting app (used in the US) and found ways to perform man-in-the-middle attacks. The vendor neither allows API pentesting nor discloses its source. https://t.co/1vr81FIn6X via @campuscodi / @ZDNet

API Security weekly newsletter issue #71 is out. Main stories by @pauloasilva_com / @Checkmarx, @AmirShladovsky / @imperva, @InonShkedy / @traceableai, Ramaswamy Chandramouli / @NIST
https://t.co/qSl1OhB2Pe