StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.
API security focuses on protecting application interfaces from unauthorized access, data exposure, abuse, and flaws in authentication or design.
Search across headline titles and summaries.
Background for this topic.
Application Programming Interfaces (APIs) are sets of rules that allow software applications to communicate and exchange data, often enabling functionality across different systems or services. APIs define how requests and responses are structured, making it possible for programs to interact without direct user involvement. In cybersecurity, APIs are commonly exposed over networks as endpoints that handle sensitive operations like data retrieval, user authentication, or transaction processing.
APIs increase the attack surface by exposing endpoints that attackers can target with unauthorized access attempts, injection attacks, or denial-of-service. Common risks include weak or missing authentication, insufficient input validation, and improper rate limiting. Effective API security requires strong authentication protocols (e.g., OAuth), strict input validation to prevent injection, rate limiting to mitigate abuse, and comprehensive logging to detect anomalies. Protecting APIs is critical to prevent data leaks, privilege escalation, and service disruption in interconnected environments.
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.
APIs are everywhere, and WAAP can help you protect them Webinar The latest Data Breach Investigations Report (DBIR) states that applications are the 'main attack vector,' responsible for over 80 percent of breaches. Hardly welcome news since APIs are in use everywhere and have direct access to data in a way which web applications do not.…
The investment in Salt Security underscores the fact that attacks targeting APIs are increasing.
Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.