API Security: Purple Teaming Exercises
The first step to establishing your API security program is to obtain visibility. The proliferation...
VIEW MOREAPI Security: Blue Teaming Exercises
The first step to establishing your API security program is to obtain visibility. The proliferation...
VIEW MOREAPI Security: Red Teaming Exercises
The first step to establishing your API security program is to obtain visibility. The proliferation...
VIEW MOREHow to Discover and Document Your API Landscape
API security is more than a tool or a one-off project. Attacker tactics and techniques, and your...
VIEW MOREUnrestricted Resource Consumption: What It Is, How We Can Help
No. 4 on the OWASP API Top 10 vulnerabilities list is unrestricted resource consumption...
VIEW MOREBroken Object Property Level Authorization: What It Is, How We Can Help
Number 3 on the 2023 OWASP API Security Top 10 list, Broken Object Property Level Authorization is...
VIEW MOREMaking a Business Case for API Security: Talking Points for Speaking to the Board
It didn’t take long for API security to make the news in 2023. In January, it was reported that a...
VIEW MOREA Look at a Few Real-World Multi-Vector API & Web Application Attacks
We at ThreatX are observing an uptick in multi-vector API and web application attacks, or...
VIEW MOREWhat is Mass Assignment: How We Can Help
2023 UPDATE: In the 2023 OWASP API Top 10 vulnerabilities list, Excessive Data Exposure and Mass...
VIEW MOREDeconstructing API Attacks
Over the last couple of decades, attackers have built up a sizeable arsenal of tools, techniques,...
VIEW MOREThe Best Way to Combat Bot-Based API Attacks
When defending APIs against botnet attacks, the goal is to make it too inconvenient and expensive...
VIEW MOREBroken Function-Level Authorization: What It Is, How We Can Help
No. 5 on the 2023 OWASP API Top 10 vulnerabilities list is broken function-level authorization....
VIEW MORE