Resources

What is OWASP API Security Top 10: A Deep Dive
The rise of APIs has changed the landscape of vulnerabilities so fundamentally that a new approach was necessary, and in 2019 OWASP added the API Security Top 10 list.
Read →
webinar
API Security Testing Requirements for PCI, SOC 2, CCPA and other Compliance Frameworks
This webinar covers various security compliance regulations such as PCI DSS and SOC 2 and shares how APIs are currently covered by security testing requirements.
Register →
webinar
Best practices for building Security into your APIs
This webinar shares real-world best practices for embedding security into the development cycle to prevent API vulnerabilities from making it into production.
Register →
webinar
API Security 101: Establishing and Managing a Secure API Program
Experts from RedSpin and APIsec will share how to build, manage, and protect your API security program utilizing real-world examples and OWASP Top 10 guidance.
Register →
Case Study
Seismic Case Study
“APIsec provided exceptional support to us throughout the on-boarding and configuration stages. Their capabilities got us testing our APIs for a broad range of vulnerabilities in a very short period of time.” Tim Dzierzek, Director of Information Security
Go →
Case Study
Slimstock Case Study
“As we looked towards building our API focused products we were at a crossroads; do we build API Security validations ourselves or do we leverage external companies.” Daan Majoor - CTO
Go →
Case Study
HealthTech Case Study
“After working with APIsec, our technologists were impressed with the approach and capabilities. Today it is our biggest bang for our security buck.” The Health Tech Firm CISO
Go →
Case Study
EstateSpace Case Study
“A further challenge of identifying potential security gaps is to not disrupt the development and test flow of the engineers. This means that the tooling needed to play within the existing DevSecOps infrastructure.” Matt Jenks, CTO/CSO
Go →
Case Study
Griffen Global Case Study
“With APIsec as a partner, our privilege escalation testing was put together in under a month, resulting in a great return on investment as the total cost is well below the cost of a single security test engineer.”
Go →
whitePaper
API Security Best Practices - Whitepaper
APIs account for over 80% of Internet traffic and will become the “most frequent attack vector” by 2022. Securing APIs requires new approaches.
Download →
whitePaper
API Security Automation Development Cost - Whitepaper
APIs account for over 80% of Internet traffic and will become the “most frequent attack vector” by 2022. Securing APIs requires new approaches.
Download →
whitePaper
BOLA Risk Mitigation Strategies - Whitepaper
APIs tend to expose endpoints that handle object identifiers, creating a wide attack surface for object-level access control issues. BOLA checks should be considered in every function that accesses a data source.
Download →
webinar
Google Apigee & Allstate: How to Incorporate API Security into the Development Cycle
Join API experts from Google Apigee, Allstate, APIsec, and Achieve Internet and learn how to integrate API security testing into the CI/CD pipeline.
Register →
webinar
Software AG & APIsec: Quickly Detect API Vulnerabilities and Meet Compliance Requirements
Software AG has partnered with security experts APIsec to bring you a comprehensive, modern security solution for your APIs. APIsec integrates with API gateways and platforms, and with CI/CD frameworks to automatically test new code in real time.
Register →
blog
APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs
APIsec, Inc. introduced today an update to its API security platform allowing enterprise security and compliance groups to obtain certified, compliant API penetration testing reports on-demand.
Read →
blog
How to Add Token Generation Code
Read →
blog
Rest API and its Significance to Web Service Providers
Read →
blog
APIsec - the Only Platform for Automated API Security Testing
APIs are the heart of the modern Web, Mobile, & Data integration architecture. As per OWASP, top API vulnerabilities come from business-logic, role-configuration, and access-control flaws.
Read →
blog
Scan APIs locally with APIsec CLI
Read →
blog
How to Call APIsec APIs
Read →
blog
First American Financial 885M Account Records
Read →
blog
How hackers acquired patient’s personal data from Healthline
Read →
blog
What made Citi’s hack much worse? How to avoid the same mistake?
Read →
blog
How a Common API Flaw Gave Attackers Access to Symantec’s Customer Certificates
Read →
blog
Simplified Analysis of Outlook Hack
Read →