Blog posts by Dan Barahona
Server-Side Request Forgery (SSRF): OWASP API Security Principle Seven Explained
April 10, 2022
6 min
Unrestricted Access to Sensitive Business Flows: OWASP API Security Principle Six Explained
April 10, 2022
6 min
Instagram API Breach: A Lesson in Unrestricted Access to Sensitive Business Flows
April 10, 2022
6 min
Understanding Broken Function Level Authorization (BFLA): Securing API Functions from Misuse and Abuse
April 10, 2022
6 min
Understanding Broken Object Property Level Authorization (BOPLA): Prevent Mass Assignment and Excessive Data Exposure
April 10, 2022
6 min
Unrestricted Resource Consumption: How to Protect Your APIs from Data Harvesting and Performance Issues
April 10, 2022
6 min
Peloton's API Security Breach: A Case Study in Broken Authentication and Insufficient Authorization
April 10, 2022
6 min
Understanding Security Misconfiguration in APIs: OWASP 8 Explained
April 10, 2022
6 min
Improper Inventory Management in APIs: OWASP 9 Explained
April 10, 2022
6 min
Unsafe Consumption of APIs (OWASP 10): Securing Third-Party Integrations
April 10, 2022
6 min
Understanding Broken Authentication: OWASP API Security Principle Two
April 10, 2022
6 min
Are Free API Scanners Actually Worth It?
April 10, 2022
6 min
What Should I Look for When Choosing an API Penetration Testing Tool?
April 10, 2022
6 min
Real-World Lessons of Broken Object Level Authorization (BOLA)
April 10, 2022
6 min
Understanding Broken Object Level Authorization (BOLA): OWASP API Security Principle #1
April 10, 2022
6 min
Real-World API Security Breaches: Lessons from Major Attacks
April 10, 2022
6 min
Understanding the Application Security Technology Landscape: Where Tools Excel and Where Gaps Remain
April 10, 2022
6 min
Three Pillars of API Security: Governance, Testing, and Continuous Validation
April 10, 2022
6 min
API Security Fundamentals: Protecting the Backbone of Modern Applications
April 10, 2022
6 min
API Failure: 7 Causes and How to Fix Them
April 10, 2022
6 min
Which API Security Testing Tool Should I Choose?
April 10, 2022
6 min
API Security Testing Automation in CI/CD Pipelines: Complete Setup Guide
April 10, 2022
6 min
API Security Mistakes That Lead to Data Breaches
April 10, 2022
6 min
How to Detect Business Logic Vulnerabilities in APIs
April 10, 2022
6 min
Why Do APIs Keep Getting Hacked?
April 10, 2022
6 min
When Do You Need API Penetration Testing for Your Applications?
April 10, 2022
6 min
API Vulnerability Scanning vs Penetration Testing: Key Differences
April 10, 2022
6 min
Why Automated API Testing Tools Are Better Than Manual Testing
April 10, 2022
6 min
Can Automated API Security Testing Replace Security Code Reviews?
April 10, 2022
6 min
How Does Automated API Endpoint Testing Improve Security Coverage?
April 10, 2022
6 min
API Fuzzing for Security Testing: Complete Guide
April 10, 2022
6 min
Master API Authentication and Authorization | Best Practices for Security
April 10, 2022
6 min
Fix Broken API Authentication: Detection, Prevention, and Best Practices
April 10, 2022
6 min
API Endpoint Guide: Understanding Functionality, Security, and Best Practices
April 10, 2022
6 min
Difference Between SAST and DAST: Key Insights & Tools
April 10, 2022
6 min
Troubleshooting Guide for API Failure: Common Causes & Solutions
April 10, 2022
6 min
API Security Orchestration: Automate Incident Response & Remediation
April 10, 2022
6 min
Prompt Injection and LLM API Security Risks | Protect Your AI
April 10, 2022
6 min
Secure Your Shadow APIs: Best Practices for API Discovery
April 10, 2022
6 min
Zero Trust API Security: Upgrade Your Cyber Defense Today
April 10, 2022
10 min
How Software-Defined Vehicles Are Changing the Game
April 10, 2022
7 minutes
2024 API Security Best Practices
April 10, 2022
5 minutes
How to Choose an API Security Tech Stack
April 10, 2022
6 mins
Top 5 Burp Suite Alternatives for API Security Testing
April 10, 2022
5 mins
Burp Suite vs. OWASP ZAP - Which is Better for API Security Testing?
April 10, 2022
6 mins
What the OCC's Bank Supervision Operating Plan for Fiscal Year 2023 Means for Community Banks and FinTechs
April 10, 2022
5 minutes
Best Penetration Testing Tools to Secure Your APIs
April 10, 2022
6 mins
How to Continuously Test APIs (and Why That's Impossible for Bug Bounty Programs)
April 10, 2022
7 minutes
The Hidden Risks of API Monitoring That Leave APIs More Vulnerable
April 10, 2022
5 minutes
Shift Left Security: The Ultimate Guide
April 10, 2022
15 mins read
Shift-left vs Traditional Testing: Your Guide to Choosing the Best Path
April 10, 2022
6 mins
What is Broken Object Level Authorization (BOLA) and How to Fix It
April 10, 2022
6 mins
Penetration Testing Best Practices for Every Stage of Testing
April 10, 2022
5 mins
What is Business Constraint Exploitation?
April 10, 2022
5 mins
Sensitive Data Exposure: What It Is and How to Avoid It
April 10, 2022
5 mins
How to Address Business Logic Flaws During Application Design
April 10, 2022
5 min read
5 Real-world Examples of Business Logic Vulnerabilities that Resulted in Data Breaches
April 10, 2022
6 min read
Why Business Logic Vulnerabilities Are Your #1 API Security Risk
April 10, 2022
6 min read
How Improper Assets Management Can Leave Your APIs Vulnerable to Attacks
April 10, 2022
7 min read
What Is a Business Logic Layer?
April 10, 2022
6 min read
FinTech API Security: How APIs Are Shaping the Future of Financial Services
April 10, 2022
6 min read
How to Protect Your Bank APIs and Create a Secure Open Banking Environment
April 10, 2022
5 min read
Cybersecurity in Fintech: Top 8 FinTech Cybersecurity Risks and Challenges
April 10, 2022
7 min read
What Is Vulnerability Scanning and How Does It Work?
April 10, 2022
7 min read
5 Best Web Application and API Vulnerability Scanners in 2022
April 10, 2022
6 min read
Top 5 Best API Documentation Tools to Help Improve Adoption Rates
April 10, 2022
6 min read
What Is OAuth 2.0 and How Does It Work?
April 10, 2022
7 min read
5 Best API Security Testing Tools in 2022 (Ranked & Reviewed)
April 10, 2022
7 min read
What is API Testing Automation? And How It Will Improve Your DevSecOps Process
April 10, 2022
7 min read
API Security Checklist: What You Need To Know
April 10, 2022
7 min read
Drilling Down Into Excessive Data Exposure: How to Protect Your API's Sensitive Data
April 10, 2022
7 min read
3 Steps for an Effective API Testing Process
April 10, 2022
7 min read
10 Essential API Security Best Practices To Protect Your Data
April 10, 2022
7 min read
MuleSoft API Security Best Practices Your Dev Needs to Know About
April 10, 2022
5 min read
API Security Testing Pricing & Cost: All You Need To Know
April 10, 2022
7 min read
Why APIs are Your Biggest Security Risk
April 10, 2022
7 min read
What Is API Privacy and How to Protect Your Sensitive Data
April 10, 2022
7 min read
A Complete List of API Terms
April 10, 2022
7 min read
API Security 101: The What, The How, and The Why
April 10, 2022
7 min read
API Security: How to Add the Sec in DevSecOps
April 10, 2022
7 min read
Why Automated Penetration Testing Is a Must
April 10, 2022
7 min read
How to Secure an API: Best Practices
April 10, 2022
6 min read
APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs
April 10, 2022
7 min read
The Beginner’s Guide to REST API: Everything You Need to Know
April 10, 2022
10 min read
How to Add Token Generation Code
April 10, 2022
4 min read
APIsec - the Only Platform for Automated API Security Testing
April 10, 2022
6 min read
How to Call APIsec APIs
April 10, 2022
6 min read
First American Financial 885M Account Records
April 10, 2022
6 min read
How Hackers Acquired Patients' Personal Data from Healthline
April 10, 2022
6 min read
How Hackers Acquired 350K Citi Customer Records
April 10, 2022
6 min read
How a Common API Flaw Gave Attackers Access to Symantec’s Customer Certificates
April 10, 2022
5 min read
Simplified Analysis of Outlook Hack
April 10, 2022
5 min read
5 Billion Records From 6,500 Data Breaches Exposed in 2018
April 10, 2022
6 min read
What Is OWASP API Security Top 10: A Deep Dive
April 10, 2022
10 min read