APISEC|CON is BACK! May 21 @ 12pm ET - Register Now

Blog posts

by

Dan Barahona

With over 2,400 apps available in the Slack App Directory.
OAuth 2.0 Common Security Flaws and Prevention Techniques
Dan Barahona
Heading

OAuth 2.0 Common Security Flaws and Prevention Techniques

April 10, 2022
6 min
API Rate Limiting Strategies: Preventing DDoS and Resource Exhaustion
Dan Barahona
Heading

API Rate Limiting Strategies: Preventing DDoS and Resource Exhaustion

April 10, 2022
6 min
Open Source vs Commercial API Security Scanners Compared
Dan Barahona
Heading

Open Source vs Commercial API Security Scanners Compared

April 10, 2022
6 min
Financial API Security Compliance: PCI DSS & PSD2
Dan Barahona
Heading

Financial Services API Security Compliance Guide

April 10, 2022
6 min
API Security Automation Tools for DevOps
Dan Barahona
Heading

API Security Automation Tools and Techniques for DevOps Teams

April 10, 2022
6 min
How to Automate API Security Testing in CI/CD
Dan Barahona
Heading

How to Implement Automated API Security Testing in Development Workflows

April 10, 2022
6 min
API Security Testing for Payment Gateways: PSD2 & Open Banking Compliance Guide
Dan Barahona
Heading

API Security Testing for Payment Systems: PSD2 and Open Banking Requirements

April 10, 2022
6 min
JWT Security Vulnerabilities: Prevention Guide & Best Practices
Dan Barahona
Heading

JWT Security: Common Vulnerabilities and How to Prevent Token-Based Exploits

April 10, 2022
6 min
API Abuse Detection: Distinguish Good Bots from Bad Bots
Dan Barahona
Heading

API Abuse Detection: Distinguishing Between Bots

April 10, 2022
6 min
How to Secure Webhook Endpoints: Authentication & Validation Guide
Dan Barahona
Heading

Securing Webhook Endpoints: Authentication and Validation Best Practices

April 10, 2022
6 min
Microservices API Security: Authentication & Authorization Guide
Dan Barahona
Heading

API Security in Microservices Architecture: Best Practices

April 10, 2022
6 min
GraphQL Security Testing Guide: Vulnerabilities & Best Practices
Dan Barahona
Heading

GraphQL Security Testing: Complete Guide for Developers

April 10, 2022
6 min
REST API Security Best Practices: 6 Essential Methods
Dan Barahona
Heading

REST API Security Best Practices Every Developer Should Know

April 10, 2022
6 min
API Penetration Testing Checklist: 10 Critical Tests
Dan Barahona
Heading

Complete API Penetration Testing Checklist for Security Teams

April 10, 2022
6 min
https://www.apisec.ai/blog
Dan Barahona
Heading

SSRF Explained: OWASP API Security Principle 7 Made Simple

April 10, 2022
6 min
Unrestricted access in APIs – OWASP API security principle 6 explained
Dan Barahona
Heading

Unrestricted Business Flows: OWASP Principle 6 Explained

April 10, 2022
6 min
Understanding broken function-level authorization in APIs – vulnerability graphic
Dan Barahona
Heading

Instagram API Breach: Lessons on Sensitive Business Flows

April 10, 2022
6 min
BOLA vulnerability lessons – understanding broken object-level API authorization
Dan Barahona
Heading

BFLA Explained: Securing API Functions from Abuse

April 10, 2022
6 min
Understanding BOPLA in APIs – broken object property-level authorization graphic
Dan Barahona
Heading

BOPLA Explained: Prevent Mass Assignment & Data Exposure

April 10, 2022
6 min
API unrestricted resource consumption – performance and security risk
Dan Barahona
Heading

Preventing Resource Abuse: Protect APIs from Harvesting

April 10, 2022
6 min
Dan Barahona
Heading

Inside the Peloton Breach: Broken Authentication Lessons

April 10, 2022
6 min
Security misconfiguration in APIs – vulnerabilities and best practices
Dan Barahona
Heading

Understanding Security Misconfiguration in APIs: OWASP 8 Explained

April 10, 2022
6 min
Improper API inventory management – asset oversight risk illustration
Dan Barahona
Heading

Improper Inventory Management in APIs: OWASP 9 Explained

April 10, 2022
6 min
Dan Barahona
Heading

Unsafe API Consumption: Securing Third-Party Integrations

April 10, 2022
6 min
Dan Barahona
Heading

Broken Authentication Explained: OWASP API Principle 2

April 10, 2022
6 min
Free API scanner comparison – evaluating value of free API security testing tools
Dan Barahona
Heading

Are Free API Scanners Actually Worth It?

April 10, 2022
6 min
Choosing an API penetration testing tool – important criteria to consider
Dan Barahona
Heading

How to Choose the Right API Pen-Testing Tool

April 10, 2022
6 min
BOLA vulnerability lessons – understanding broken object-level API authorization
Dan Barahona
Heading

Real-World Lessons of Broken Object Level Authorization (BOLA)

April 10, 2022
6 min
Dan Barahona
Heading

BOLA Explained: OWASP API Security Principle 1 for Teams

April 10, 2022
6 min
Banking API security – protecting financial data via secure API practices
Dan Barahona
Heading

Real-World API Security Breaches: Lessons from Major Attacks

April 10, 2022
6 min
Application security technology landscape – software security architecture visual
Dan Barahona
Heading

AppSec Tech Landscape: Strengths, Gaps & What Teams Need

April 10, 2022
6 min
Dan Barahona
Heading

The Three Pillars of Modern API Security

April 10, 2022
6 min
Dan Barahona
Heading

API Security Fundamentals: Core Principles for Modern Apps

April 10, 2022
6 min
API failure example – visual depicting a failed application programming interface
Dan Barahona
Heading

API Failure: 7 Causes and How to Fix Them

April 10, 2022
6 min
Which API Security Testing Tool Should I Choose?
Dan Barahona
Heading

Which API Security Testing Tool Should I Choose

April 10, 2022
6 min
API Security Testing Automation in CI/CD Pipelines Setup Guide
Dan Barahona
Heading

CI/CD API Security: A Complete Automation Guide

April 10, 2022
6 min
Common API security mistakes – preventing vulnerabilities and data breach risks
Dan Barahona
Heading

API Security Mistakes That Lead to Data Breaches

April 10, 2022
6 min
Detecting business logic vulnerabilities in API – security testing graphic
Dan Barahona
Heading

How to Detect Business Logic Vulnerabilities in API

April 10, 2022
6 min
Why APIs get hacked – illustration of common API attack vectors
Dan Barahona
Heading

Why Do APIs Keep Getting Hacked

April 10, 2022
6 min
When to use API penetration testing – decision points for application security testing
Dan Barahona
Heading

When Do You Need API Penetration Testing for Your Applications

April 10, 2022
6 min
API Vulnerability Scanning vs Penetration Testing: Key Differences
Dan Barahona
Heading

API Vulnerability Scanning vs Penetration Testing: Key Differences

April 10, 2022
6 min
Why use automated API testing tools – benefits for application security
Dan Barahona
Heading

Why Automated API Testing Tools Are Better Than Manual Testing

April 10, 2022
6 min
Can Automated API Security Testing Replace Security Code Reviews? | APIsec
Dan Barahona
Heading

Can Automated API Security Testing Replace Security Code Reviews

April 10, 2022
6 min
How Automated API Endpoint Testing Improves Security Coverage | APIsec
Dan Barahona
Heading

How Does Automated API Endpoint Testing Improve Security Coverage

April 10, 2022
6 min
API fuzzing for security testing – automated method for discovering flaws
Dan Barahona
Heading

API Fuzzing for Security Testing: Complete Guide

April 10, 2022
6 min
API authentication and authorization process – securing data access
Dan Barahona
Heading

API Auth Best Practices: Strong Authentication & Authorization

April 10, 2022
6 min
Broken authentication in APIs – vulnerability example and risk illustration
Dan Barahona
Heading

Fixing Broken API Authentication: Detection & Prevention

April 10, 2022
6 min
Dan Barahona
Heading

API Endpoint Guide: Architecture, Security & Best Practices

April 10, 2022
6 min
Dan Barahona
Heading

Difference Between SAST and DAST: Key Insights & Tools

April 10, 2022
6 min
API failure causes and solutions – how to fix API errors and issues
Dan Barahona
Heading

Troubleshooting Guide for API Failure: Common Causes & Solutions

April 10, 2022
6 min
API security fundamentals – essential practices for robust application APIs
Dan Barahona
Heading

API Security Orchestration: Automating Response & Remediation

April 10, 2022
6 min
API security testing vs code review – automation replacing manual checks illustration
Dan Barahona
Heading

Prompt Injection and LLM API Security Risks | Protect Your AI

April 10, 2022
6 min
Shadow API discovery – finding and securing undocumented API endpoints
Dan Barahona
Heading

Secure Your Shadow APIs: Best Practices for API Discovery

April 10, 2022
6 min
Dan Barahona
Heading

Zero Trust API Security: Upgrade Your Cyber Defense Today

April 10, 2022
10 min
Dan Barahona
Heading

Software-Defined Vehicles: Are Your APIs Driving You Into Risk?

April 10, 2022
7 minutes
Tech article heading graphic – modern blog or content feature
Dan Barahona
Heading

2024 API Security Best Practices

April 10, 2022
5 minutes
Choosing an API security tech stack – guide to selecting software and tools
Dan Barahona
Heading

How to Choose an API Security Tech Stack

April 10, 2022
6 mins
APIsec logo – API security platform branding visual
Dan Barahona
Heading

Top 5 Burp Suite Alternatives for API Security Testing

April 10, 2022
5 mins
Blog API security article illustration – tips for protecting your APIs
Dan Barahona
Heading

Burp vs ZAP: Which Finds More API Bugs?

April 10, 2022
6 mins
Banking API security reference architecture – protecting financial systems illustration
Dan Barahona
Heading

OCC 2023 Plan: What It Means for Banks & FinTech Security

April 10, 2022
5 minutes
Best pen testing tools image
Dan Barahona
Heading

Best Pen-Testing Tools for Modern APIs

April 10, 2022
6 mins
APIsec infographic – API security best practices visual aid
Dan Barahona
Heading

API Testing Automation: How It Transforms DevSecOps

April 10, 2022
7 minutes
API monitoring risks – visual highlighting hidden dangers of monitoring APIs
Dan Barahona
Heading

The Hidden Risks of API Monitoring That Leave APIs More Vulnerable

April 10, 2022
5 minutes
Image showing shift-left security process
Dan Barahona
Heading

Shift Left Security: The Ultimate Guide

April 10, 2022
15 mins read
Shift left testing guide – software development lifecycle and early security practices
Dan Barahona
Heading

Shift-Left vs Traditional Testing: Choosing the Best Approach

April 10, 2022
6 mins
Dan Barahona
Heading

What is Broken Object Level Authorization (BOLA) and How to Fix It

April 10, 2022
6 mins
Penetration testing guide – illustrated overview of API pen testing steps
Dan Barahona
Heading

Penetration Testing Best Practices for Every Stage of Testing

April 10, 2022
5 mins
Business constraint exploitation – API vulnerability infographic
Dan Barahona
Heading

Business Logic Flaws in APIs: The Silent Threat

April 10, 2022
5 mins
Sensitive data exposure illustration – safeguarding APIs against leaks and threats
Dan Barahona
Heading

Sensitive Data Exposure: What It Is and How to Avoid It

April 10, 2022
5 mins
Dan Barahona
Heading

How to Address Business Logic Flaws During Application Design

April 10, 2022
5 min read
Dan Barahona
Heading

5 Real Business Logic Failures That Led to Major Breaches

April 10, 2022
6 min read
Dan Barahona
Heading

Why Business Logic Vulnerabilities Are Your #1 API Security Risk

April 10, 2022
6 min read
Improper API asset management – risks of poor endpoint inventory
Dan Barahona
Heading

Improper Asset Management: Hidden API Risks Explained

April 10, 2022
7 min read
APIsec feature infographic – overview for API security platform
Dan Barahona
Heading

What Is a Business Logic Layer?

April 10, 2022
6 min read
Dan Barahona
Heading

Fintech API Security Checklist: Avoid Disaster

April 10, 2022
6 min read
Banking API security – protecting financial data via secure API practices
Dan Barahona
Heading

Banking APIs: Closing the Door on Fraud

April 10, 2022
5 min read
Dan Barahona
Heading

Fintech APIs: Are You Leaking Money and Data?

April 10, 2022
7 min read
What is vulnerability scanning – process overview for security testing
Dan Barahona
Heading

Vulnerability Scanning for APIs: What You’re Missing

April 10, 2022
7 min read
Dan Barahona
Heading

5 Best Web Application and API Vulnerability Scanners in 2022

April 10, 2022
6 min read
Dan Barahona
Heading

Top 5 Best API Documentation Tools to Help Improve Adoption Rates

April 10, 2022
6 min read
OAuth 2.0 flow diagram – API authorization protocol graphic
Dan Barahona
Heading

What Is OAuth 2.0 and How Does It Work?

April 10, 2022
7 min read
APIsec platform visual – brand infographic for API security
Dan Barahona
Heading

Top API Security Testing Tools You Need Now

April 10, 2022
7 min read
Dan Barahona
Heading

API Test Automation: What It Is & How It Improves DevSecOps

April 10, 2022
7 min read
Dan Barahona
Heading

API Security Checklist: What You Need To Know

April 10, 2022
7 min read
Sensitive data exposure graphic – security risks in APIs and prevention tips
Dan Barahona
Heading

Excessive Data Exposure: Are Your APIs Over-Sharing?

April 10, 2022
7 min read
How to ensure REST API security – checklist for secure API development
Dan Barahona
Heading

3 Steps for an Effective API Testing Process

April 10, 2022
7 min read
Dan Barahona
Heading

API Security Best Practices: Stop Breaches Before They Start

April 10, 2022
7 min read
Mule API security – protecting data in MuleSoft environments
Dan Barahona
Heading

MuleSoft API Security Best Practices Your Dev Needs to Know About

April 10, 2022
5 min read
Dan Barahona
Heading

The Hidden Cost of Late API Bug Discovery

April 10, 2022
7 min read
APIsec security image
Dan Barahona
Heading

Why APIs Are Quietly Your Largest Risk

April 10, 2022
7 min read
Dan Barahona
Heading

What Is API Privacy and How to Protect Your Sensitive Data

April 10, 2022
7 min read
Dan Barahona
Heading

API Security Glossary

April 10, 2022
7 min read
APIsec infographic – API security best practices visual aid
Dan Barahona
Heading

API Security 101: The What, The How, and The Why

April 10, 2022
7 min read
Dan Barahona
Heading

API Security: How to Add the Sec in DevSecOps

April 10, 2022
7 min read
Dan Barahona
Heading

Why Automated Penetration Testing Is a Must

April 10, 2022
7 min read
Allstate Apigee webinar – API security education event graphic
Dan Barahona
Heading

How to Secure an API: Best Practices

April 10, 2022
6 min read
Dan Barahona
Heading

Introducing the First Fully Automated Certified API Pen-Test

April 10, 2022
7 min read
REST API graphic – visual depicting application programming interface elements
Dan Barahona
Heading

The Beginner’s Guide to REST API: Everything You Need to Know

April 10, 2022
10 min read
Dan Barahona
Heading

Secure Token Generation: Best Practices for APIs

April 10, 2022
4 min read
APIsec highlights infographic – overview of security features
Dan Barahona
Heading

Guide to Automated API Security Testing| APISec

April 10, 2022
6 min read
Automate Your API Security.
APIsec University
CoursesResources
Events
APISEC|CONLive API Security WorkshopPrivate API Security Workshop
About
Who is APIsec?BlogCase StudesSupport
Copyright © 2024 APIsec.ai
Free License Agreement
Terms & Conditions
Privacy Policy