The API Security Newsletter - Issue #17
APIs introduce risks. API security encompasses practices, processes, and tools that help protect APIs against cyber threats. It is a core part of modern information security.
API governance is the guardrails you put in place to assure quality, security, compliance and more, usually via a platform-based approach to API lifecycle management. To achieve a better scaling experience with good API governance, you must think about the API landscape you are trying to build. How can you get the most value out of it?
The exploding adoption of APIs has also greatly expanded organizations’ attack surfaces, increasing the need for enterprises to focus on API security. But as organizations transition into a multitude of cloud, hybrid and on-premises digital environments, this complexity makes it difficult for security teams to find and fix problems quickly.
In this Help Net Security video, Shay Levi, CTO at Noname Security, discusses the findings from a recent API security report, which reveals a growing number of API security incidents, a concerning lack of API visibility, and a level of misplaced confidence in existing controls.
Programmers who rely on external libraries give hackers an easy way into their applications.
In our digitally driven, cloud- and mobile-dispersed business world, security is becoming a top priority for more and more organizations, especially for the customer, operations and transaction data they hold and process in these applications. With breaches being exposed daily, it’s clear data security is a challenge for companies.
APIs are everywhere. They drive everything in this current economy. Enterprises are dependent on APIs for their mission-critical operations. This makes API security of the utmost importance for every organization. According to a recent Gartner CIO and Technical Executive survey, cyber and information security are at the top of the list for planned investments in 2022. This is not surprising as business leaders are feeling the pressure to put budget and resources behind cybersecurity to protect their APIs, data, customers, and the reputation of their companies.
API (security) related videos
This talk guides you through various security risks of Kubernetes, focusing on the OWASP Kubernetes Top 10 list. In live demos, you’ll find out how a range of past and present CVEs or misconfigurations in k8s clusters can be exploited, affecting containers, pods, the supply chain, the network, or storage. You’ll learn about common mistakes and vulnerabilities along with the best practices for hardening your Kubernetes systems.
Do you build things that can be hacked? Want to lower those odds? Join us to learn the basics of security vulnerabilities and the defensive coding maneuvers that can make your software more secure, every time. Geared for developers of all skill levels, this code-centric talk will present code samples and essential fundamentals that apply to every language.
One more thing...
A very interesting YouTube series on Google Security. In Episode 000, for example, they give you an inside look at the historic attack in which Google’s network was breached by a foreign government trying to access the Gmail accounts of human rights activists. In the wake of the breach, Google changed its approach to security, overhauling everything and developing highly specialized teams of elite experts to stay ahead of the ever-evolving threat landscape.
Disclaimer: The author of this newsletter is employed by Noname Security, but this is not an official Noname Security publication; the newsletter is meant to provide independent API Security News. I encourage you to reach out with comments and/or suggestions for the newsletter via https://twitter.com/filipv (DMs are open).