nrw.social is one of many independent Mastodon servers you can use to participate in the Fediverse.
We are a friendly Mastodon instance from North Rhine-Westphalia (NRW). Whether you are from NRW or just an NRW fan, everyone is welcome here.

Server statistics:

2.8K
active profiles

#apisecurity

1 post · 1 participant · 0 posts today

"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.

Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.

There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.

Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.

Best Practices
Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."

nordicapis.com/9-signs-youre-d

Nordic APIs · 9 Signs You're Doing API Security Wrong | Nordic APIs: API security anti-patterns are common. From overreliance on API keys to a lack of rate limiting to no encryption, we explore the top ones.
#API#APIs#APISecurity

#APIs act as digital portals that allow data to travel between applications. 🕳️ However, as sensitive data moves from one application to another, each API becomes a potential access point that threat actors can exploit. 😬

🔒 Securing APIs is critical to any company's data protection program, and knowing the OWASP API security top 10 will help! 🔟 🙌

Read on and learn about:
❓ Who OWASP is
⚠️ The 10 most critical API security risks based on several data points
🔓 The OWASP top 10 API security risks

graylog.org/post/an-introducti #cybersecurity #infosec #APIsecurity #GraylogLabs

Did someone say FREE training? 👀 🆓 😁 Welcome to #Graylog Academy! 👋 We are excited to give you the tools to gain immediate value, unlock #security analytics, and begin data driven decision-making as you embark upon (or continue) your journey with Graylog. 🚀

Check out the awesome selection of FREE courses you can take, including:
➡️ Adding Context and Enriching Your Log Data
➡️ Events, Alerts, and Notifications
➡️ Hardening Graylog with TLS
➡️ Intro to API Security
➡️ Introduction to Graylog Dashboards
➡️ Pipelines, Parsing and the Graylog Information Model

Did we mention that many of the courses are 🆓 ⁉️ What are you waiting for! Let's go. 🏃💨

academy.graylog.org/home #APIsecurity #SIEM #logmanagement #cybersecurity #infosec

It was a packed house for the Graylog #BSidesROC Capture The Flag on Saturday! 🏠 🎉 Thank you to everyone who joined us for the fun and games. 🎮 💻 You are all amazing and, now, a little (or a lot!) more knowledgeable about #Graylog! 💡 It's a win-win. 😃 👏

And congrats to our challenge winners!
🏆 Grand prize winner — Tyler Smith
🎟️ Training voucher winner — Praveen Kumar Penukonda
🏅 Runner up — Gabriel Schickling

Threat actors are increasingly using cloud services to identify the data they intend to exfiltrate or ransom. Cloud native development, containers, and microservices allow dev teams to quickly deploy new builds. But, they also lead to a higher potential for misconfiguration. And where there are misconfigurations there are vulnerabilities that leave openings for threat actors. ☠️ 😦

So, what can #security teams do about this? 🤔 They can shine a spotlight on what’s in their #API traffic! 🔦 Once you know how #cybercriminals are accessing sensitive data, you can stop them from gaining access to it. 🛑

Critical security steps need to happen before data exfiltration does. Learn more about predicting risk and closing your vulnerability gap, in this article by #Graylog's Seth Goldhammer.

securityboulevard.com/2025/03/ #cybersecurity #APIsecurity #infosec

APIs often handle vast amounts of Personally Identifiable Information (#PII), which makes them prime targets for API data exfiltration. 🎯😒 So, it's no surprise that #API-based attacks with the aim of stealing sensitive data have increased over time. Many orgs also lack visibility into which APIs are handling PII, which leaves them with massive #security blind spots. 😳

What should orgs do about this? Let's take a closer look at:
🚦 The growing risks of PII exposure in API traffic
🔓 The methods attackers use to exfiltrate data
👀 Capabilities to look for in a data exfiltration prevention solution
💥 How the new release of Graylog API Security 3.7 can help

graylog.org/post/apis-the-sile #APIsecurity #APIs #cybersecurity

Wallarm Releases 2025 API ThreatStats Report, Revealing that APIs are the Predominant Attack Surface

buff.ly/4aEd2fo

"Wallarm's researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI's reliance on high-performance binary APIs."

We're going to apidays NYC, woot! 🎉 Join us at the conference to learn about #API management for surfing the next innovation waves. 🌊 🏄 Our VP of Engineering, Rob Dickinson, will be speaking at the event, as well. 🙌 🗣️

Got questions about #APIsecurity, #SIEM and/or log management? See us in NYC on May 14th and 15th, 2025 to get all of your burning questions answered. 🔥 Or just to hang out and pick up some Graylog swag! 🤝 🎁

apidays.global/new-york/ #apidays #apidaysNewYork #apidaysNY #Graylog #APIs

Node.js Security in 2025: Best Practices and Threat Mitigation

bloggingaadd.com/nodejs-securi

Learn the best Node.js security practices for 2025 to protect your applications from evolving threats. Explore key strategies for threat mitigation, data protection, and secure coding.

#NodeJS
#CyberSecurity
#WebSecurity
#SecureCoding
#BackendDevelopment
#APISecurity
#TechTrends2025
#DataProtection
#SoftwareSecurity
#JavaScript
#SecureApps
#ThreatMitigation

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains

The Silk Typhoon hacking group, linked to China and previously behind Microsoft Exchange zero-day attacks, is now targeting IT supply chains, abusing stolen API keys, remote management tools, and cloud applications to infiltrate corporate networks.

The group is exploiting stolen API keys and credentials from IT service providers, launching zero-day attacks on Ivanti VPN, Palo Alto Networks, and Citrix NetScaler, and shifting from on-prem environments to cloud applications like Microsoft 365, OneDrive, and SharePoint to exfiltrate data.

Organizations must strengthen API security, enforce least privilege access, and monitor cloud environments to mitigate these growing supply chain threats.

Read more: thehackernews.com/2025/03/chin

The Hacker News · China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access: Silk Typhoon exploits zero-day vulnerabilities, stolen API keys, and cloud services to infiltrate IT supply chains and government networks worldwide.

"APIs are fundamentally dark and challenging to monitor, making it hard for organizations to detect exposures and exploits," says #Graylog's VP of Engineering Rob Dickinson. In this ITPro Today article, Rob explains more about:

😰 Inherent API challenges
🤖 The evolution of API attacks and the role of AI and automation
🙍 What you need to know about API data exfiltration targeting personal identifiable information
⚔️ Deterring sophisticated API data exfiltration attacks

API security incidents were at an all time high in 2024. And as we move further into the era of #cyberattacks driven by #AI and automation, security teams need to continue to have an effective strategy that emphasizes monitoring firewalls, gateways, and individual requests but also works towards the detection of API data exfiltration. Learn more. ⤵️

itprotoday.com/vulnerabilities #cybersecurity #APIsecurity #PII