As we transition into the last month of 2020, it’s time for my team and I to look back over what we covered this year in the blog and start giving some thought to 2021’s editorial calendar. I know that I definitely have favorite content pieces, but there is something probably even more interesting to you.
What blog content is the security community most interested in recently?
Below is a list of the top five posts published by Cequence Security since January 2020.
API Security Need-to-Know: Ramifications of Weak API Authentication
Until May 2020, an API vulnerability existed in ZIPNet, an online application used by Indian law enforcement. It allowed malicious actors to create or modify criminal records without authenticating. Based on the publicly available information, this security incident was a direct result of poorly implemented API authentication and access control, a common challenge in enterprises today. Read the Full Post
When APIs Say Too Much
As developers use APIs to build platforms that allow for more rapid feature releases, an equal amount of emphasis must be placed on ensuring users can utilize the application safely and securely. In the case of this discovered Kasa camera security vulnerability, verbose error messages introduced a risk to consumers. Read the Full Post
Aite Group Research Validates API Security Gaps
The API Security Best Practices Research Report published by Joe Krull from the Aite Group validates security gaps in protecting APIs. Additionally, it makes recommendations that will benefit any organization moving towards an API-centric development methodology. Read the Full Post
Tales from the Front Lines: Attackers on Lockdown Focus on APIs
As the pandemic rolled into early summer Cequence Security customers battled an increase in bot activity. In one case, the lion’s share of the attack traffic, 15 million events, was aimed at one particular login API endpoint for an android application. Read the Full Post
Announcing Cequence API Sentinel
In June, Cequence introduced API Sentinel, a new API security service designed to give you continuous run-time visibility, shadow API discovery, risk analysis, and conformance assessment for all your APIs hosted on-premises and in public clouds. Read the Full Post
What to expect in 2021?
The top posts share a common thread, API Security. And, as we continue into 2021, we fully expect it to remain one of the biggest challenges faced by both our customers and security teams everywhere.
Cequence is committed to helping organizations eliminate security gaps by rapidly discovering APIs and protecting them from automated attacks and vulnerability exploits with a consistent security policy.
Is protecting APIs on your radar for 2021? Request a demo to see Cequence Security in action.