Resources

What is OWASP API Security Top 10: A Deep Dive

The rise of APIs has changed the landscape of vulnerabilities so fundamentally that a new approach was necessary, and 2019 OWASP added the API Security Top 10 list.

API Security Testing Requirements for PCI, SOC 2, CCPA and other Compliance Frameworks

This webinar covers various security compliance regulations such as PCI DSS and SOC 2 and shares how APIs are currently covered by security testing requirements.

Best practices for building Security into your APIs

This webinar shares real-world best practices for embedding security into the development cycle to prevent API vulnerabilities from making it into production.

API Security 101: Establishing and Managing a Secure API Program

Experts from RedSpin and APIsec will share how to build, manage, and protect your API security program utilizing real world examples and OWASP Top 10 guidance..

Seismic Case Study

“APIsec provided exceptional support to us throughout the on-boarding and configuration stages. Their capabilities got us testing our APIs for a broad range of vulnerabilities in a very short period of time." Tim Dzierzek, Director of Information Security

Slimstock Case Study

“As we looked towards building our API focused products we were at a cross-road; do we build API Security validations ourselves or do we leverage external companies." Daan Majoor - CTO

HealthTech Case Study

After working with APIsec, our technologists were impressed with the approach and capabilities. Today it is our biggest bang for our security buck.” The Health Tech Firm CISO

EstateSpace Case Study

“A further challenge of identifying potential security gaps is to not disrupt the development and test flow of the engineers. This means that the tooling needed to play within the existing DevSecOps infrastructure.” Matt Jenks, CTO/CSO

Griffen Global Case Study

“With APIsec as a partner, our privilege escalation testing was put together in under a month, resulting in a great return on investment as the total cost is well below the cost of a single security test engineer.”

API Security Best Practices - Whitepaper

APIs account for over 80% of Internet traffic and will become the “most frequent attack vector" by 2022. Securing APIs requires new approaches.

API Security Automation Development Cost - Whitepaper

APIs account for over 80% of Internet traffic and will become the “most frequent attack vector" by 2022. Securing APIs requires new approaches.

BOLA Risk Mitigation Strategies - Whitepaper

APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface Level Access Control issue. BOLA checks should be considered in every function that accesses a data source.

Google Apigee & Allstate: How to Incorporate API Security into the Development Cycle

Join API experts from Google Apigee, Allstate, APIsec, and Achieve Internet and learn how to integrate API security testing into the CI/CD pipeline.

Software AG & APIsec: Quickly Detect API Vulnerabilities and Meet Compliance Requirements

Software AG has partnered with security experts APIsec to bring you a comprehensive, modern security solution for your APIs. APIsec integrates with API gateways and platforms, and with CI/CD frameworks to automatically test new code in real-time.

APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs

APIsec, Inc. introduced today an update to its API security platform allowing enterprise security and compliance groups to obtain certified, compliant API penetration testing reports on-demand.

How to Add Token Generation Code

Rest API and its Significance to Web Service Providers

APIsec - the Only Platform for Automated API Security Testing

APIs are the heart of the modern Web, Mobile, & Data integration architecture. As per OWASP, top API vulnerabilities come from business-logic, role-configuration, and access-control flaws.

Scan APIs locally with APIsec CLI

How to Call APIsec APIs

First American Financial 885M Account Records

How hackers acquired patient’s personal data from Healthline

What made Citi’s hack much worse? How to avoid the same mistake?

How a Common API Flaw Gave Attackers Access to Symantec’s Customer Certificates

Simplified Analysis of Outlook Hack