API Security Weekly: Issue #114

This week, check out the API aspects of the recent SolarWinds and PickPoint breaches, see a review on how to shift API security left with GitHub and 42Crunch, and more.

Breach: SolarWinds

The SolarWinds hack reported this weekend was not API-related as such. It was a supply chain attack in which hackers (likely a state actor) managed to add their backdoor to one of the DLL files of SolarWinds' IT monitoring and management software, Orion. After a dormant period, the malicious code would contact the command and control center (C2) to get further instructions and execute them. This was in turn used against SolarWinds' customers, including multiple US government agencies.

Breach: PickPoint

Attackers opened 2,732 PickPoint package lockers across Moscow. These are lockers that customers can use to pick up the goods that they buy online.

Top 10 API Security Threats Every API Team Should Know

Learn the most important API security threats engineering leaders should be aware of and the steps you can take to prevent them.

API Security Weekly: Issue #101

After the special 100th edition last week, which was all about API security advice from the industry’s thought leaders, this week we are back to our regular API security news, and we have twice the number of them, from the past two weeks.

API Security Weekly: Issue

This week, look at the recent vulnerability in Cisco Data Center Network Manager, the API aspect of the data breach at MGM Grand Resort, and more.

Automate GraphQL Backed Applications' Security Testing

We just released GraphQL scanning support to ensure that you can ship secure GraphQL APIs. We'll jump into the specifics of the solution and follow up with a demo, but first let's do a quick overview of the GraphQL specification. This is a unique space with an interesting set of challenges.

How to Properly Leverage Elasticsearch and User Behavior Analytics for API Security

How to set up Elasticsearch and Kibana for User Behavior Analytics (UBA) in API security monitoring and accurately identify API security vulnerabilities.