LIVE! 2025 API Breaches Workshop  | December 18 @ 12PM ET

API Security Insights and Resources

Stay informed with expert articles, guides, and the latest trends in API security

Server-Side Request Forgery (SSRF): OWASP API Security Principle Seven Explained

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Unrestricted Access to Sensitive Business Flows: OWASP API Security Principle Six Explained

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Instagram API Breach: A Lesson in Unrestricted Access to Sensitive Business Flows

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Understanding Broken Function Level Authorization (BFLA): Securing API Functions from Misuse and Abuse

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Understanding Broken Object Property Level Authorization (BOPLA): Prevent Mass Assignment and Excessive Data Exposure

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Unrestricted Resource Consumption: How to Protect Your APIs from Data Harvesting and Performance Issues

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Peloton's API Security Breach: A Case Study in Broken Authentication and Insufficient Authorization

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Understanding Security Misconfiguration in APIs: OWASP 8 Explained

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Improper Inventory Management in APIs: OWASP 9 Explained

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Unsafe Consumption of APIs (OWASP 10): Securing Third-Party Integrations

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Understanding Broken Authentication: OWASP API Security Principle Two

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Are Free API Scanners Actually Worth It?

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

What Should I Look for When Choosing an API Penetration Testing Tool?

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Real-World Lessons of Broken Object Level Authorization (BOLA)

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Understanding Broken Object Level Authorization (BOLA): OWASP API Security Principle #1

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Real-World API Security Breaches: Lessons from Major Attacks

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Understanding the Application Security Technology Landscape: Where Tools Excel and Where Gaps Remain

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

Three Pillars of API Security: Governance, Testing, and Continuous Validation

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

API Security Fundamentals: Protecting the Backbone of Modern Applications

November 19, 2025
5 minutes
Dan Barahona
Dan Barahona

API Failure: 7 Causes and How to Fix Them

November 17, 2025
5 minutes
Dan Barahona
Dan Barahona

Which API Security Testing Tool Should I Choose

November 17, 2025
5 minutes
Dan Barahona
Dan Barahona

API Security Testing Automation in CI/CD Pipelines: Complete Setup Guide

November 17, 2025
5 minutes
Dan Barahona
Dan Barahona

API Security Mistakes That Lead to Data Breaches

November 17, 2025
5 minutes
Dan Barahona
Dan Barahona

How to Detect Business Logic Vulnerabilities in API

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

Why Do APIs Keep Getting Hacked

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

When Do You Need API Penetration Testing for Your Applications

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

API Vulnerability Scanning vs Penetration Testing: Key Differences

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

Why Automated API Testing Tools Are Better Than Manual Testing

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

Can Automated API Security Testing Replace Security Code Reviews

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

How Does Automated API Endpoint Testing Improve Security Coverage

November 14, 2025
5 minutes
Dan Barahona
Dan Barahona

API Fuzzing for Security Testing: Complete Guide

October 22, 2025
5 minutes
Dan Barahona
Dan Barahona

Master API Authentication and Authorization | Best Practices for Security

October 21, 2025
5 minutes
Dan Barahona
Dan Barahona

Fix Broken API Authentication: Detection, Prevention, and Best Practices

October 21, 2025
5 minutes
Dan Barahona
Dan Barahona

API Endpoint Guide: Understanding Functionality, Security, and Best Practices

October 21, 2025
5 minutes
Dan Barahona
Dan Barahona

Difference Between SAST and DAST: Key Insights & Tools

October 21, 2025
5 minutes
Dan Barahona
Dan Barahona

Troubleshooting Guide for API Failure: Common Causes & Solutions

October 21, 2025
5 minutes
Dan Barahona
Dan Barahona

API Security Orchestration: Automate Incident Response & Remediation

October 21, 2025
5 minutes
Dan Barahona
Dan Barahona

Prompt Injection and LLM API Security Risks | Protect Your AI

October 17, 2024
5 minutes
Dan Barahona
Dan Barahona

Secure Your Shadow APIs: Best Practices for API Discovery

October 17, 2025
5 minutes
Dan Barahona
Dan Barahona

Zero Trust API Security: Upgrade Your Cyber Defense Today

October 17, 2025
5 minutes
Dan Barahona
Dan Barahona

BOLA Explained: The Threat No One’s Testing

April 21, 2025
5 minutes
Jesse Freeman
Jesse Freeman

Software-Defined Vehicles: Are Your APIs Driving You Into Risk?

February 19, 2025
5 minutes
Dan Barahona
Dan Barahona

APIsec presents the 2024 API Security Market Report

March 13, 2024
5 minutes
Shelby Matthews
Shelby Matthews

Internal APIs at Risk: Why Testing Matters

March 4, 2024
5 minutes
Stacey Levine
Stacey Levine

2024 API Security Best Practices

January 8, 2024
5 minutes
Dan Barahona
Dan Barahona

Upcoming DSS 4.0 Deadline for PCI Compliance

January 3, 2024
5 minutes
Shelby Matthews
Shelby Matthews

Edulog Parent Portal Breach: Unraveling the API Vulnerability and Safeguarding Against BOLA Threats

December 15, 2023
5 minutes
Shelby Matthews
Shelby Matthews

2023 OWASP API Top Ten

December 12, 2023
5 minutes
Shelby Matthews
Shelby Matthews

HIPAA (Data Privacy) vs 21st Century Cures Act (Interoperability): Reducing the Conflict in the Healthcare Industry

March 21, 2023
5 minutes
Christine Bevilacqua
Christine Bevilacqua

How to Choose an API Security Tech Stack

November 15, 2022
5 minutes
Dan Barahona
Dan Barahona

Top 5 Burp Suite Alternatives for API Security Testing

November 15, 2022
5 minutes
Dan Barahona
Dan Barahona

Burp vs ZAP: Which Finds More API Bugs?

November 14, 2022
5 minutes
Dan Barahona
Dan Barahona

What the OCC's Bank Supervision Operating Plan for Fiscal Year 2023 Means for Community Banks and FinTechs

November 7, 2022
5 minutes
Dan Barahona
Dan Barahona

Best Pen-Testing Tools for Modern APIs

September 16, 2022
5 minutes
Dan Barahona
Dan Barahona

How to Continuously Test APIs (and Why That's Impossible for Bug Bounty Programs)

July 19, 2022
5 minutes
Dan Barahona
Dan Barahona

The Hidden Risks of API Monitoring That Leave APIs More Vulnerable

July 12, 2022
5 minutes
Dan Barahona
Dan Barahona

Shift Left Security: The Ultimate Guide

March 31, 2024
5 minutes
Dan Barahona
Dan Barahona

Shift Left for DevOps: Key Benefits and 5 Best Practices to Follow

May 19, 2022
5 minutes
Dave Piskai
Dave Piskai

Shift-left vs Traditional Testing: Your Guide to Choosing the Best Path

May 16, 2022
5 minutes
Dan Barahona
Dan Barahona

What is Broken Object Level Authorization (BOLA) and How to Fix It

May 11, 2022
5 minutes
Dan Barahona
Dan Barahona

Penetration Testing Best Practices for Every Stage of Testing

May 13, 2022
5 minutes
Dan Barahona
Dan Barahona

Business Logic Flaws in APIs: The Silent Threat

May 5, 2022
5 minutes
Dan Barahona
Dan Barahona

HTTP Verb Tampering: Key Risks and Fixes

May 2, 2022
5 minutes
Wesley Meier
Wesley Meier

Sensitive Data Exposure: What It Is and How to Avoid It

April 20, 2022
5 minutes
Dan Barahona
Dan Barahona

Generate Flawless OpenAPI Specs & Secure APIs

October 28, 2022
5 minutes
Dave Piskai
Dave Piskai

How to Address Business Logic Flaws During Application Design

April 12, 2022
5 minutes
Dan Barahona
Dan Barahona

Business Logic vs. Application Logic: The Key Differences You Need to Know

April 10, 2022
5 minutes
Wesley Meier
Wesley Meier

5 Real-world Examples of Business Logic Vulnerabilities that Resulted in Data Breaches

April 7, 2022
5 minutes
Dan Barahona
Dan Barahona

Why Business Logic Vulnerabilities Are Your #1 API Security Risk

February 3, 2024
5 minutes
Dan Barahona
Dan Barahona

How Improper Assets Management Can Leave Your APIs Vulnerable to Attacks

March 28, 2022
5 minutes
Dan Barahona
Dan Barahona

What Is a Business Logic Layer?

March 25, 2022
5 minutes
Dan Barahona
Dan Barahona

Fintech API Security Checklist: Avoid Disaster

March 21, 2022
5 minutes
Dan Barahona
Dan Barahona

Banking APIs: Closing the Door on Fraud

March 17, 2022
5 minutes
Dan Barahona
Dan Barahona

Fintech APIs: Are You Leaking Money & Data?

March 15, 2022
5 minutes
Dan Barahona
Dan Barahona

Vulnerability Scanning for APIs: What You’re Missing

March 12, 2022
5 minutes
Dan Barahona
Dan Barahona

5 Best Web Application and API Vulnerability Scanners in 2022

March 9, 2022
5 minutes
Dan Barahona
Dan Barahona

Top 5 Best API Documentation Tools to Help Improve Adoption Rates

March 5, 2022
5 minutes
Dan Barahona
Dan Barahona

What Is OAuth 2.0 and How Does It Work?

November 3, 2025
5 minutes
Dan Barahona
Dan Barahona

Top API Security Testing Tools You Need Now

February 24, 2022
5 minutes
Dan Barahona
Dan Barahona

What is API Testing Automation? And How It Will Improve Your DevSecOps Process

February 20, 2022
5 minutes
Dan Barahona
Dan Barahona

API Security Checklist: What You Need To Know

February 19, 2022
5 minutes
Dan Barahona
Dan Barahona

Excessive Data Exposure: Are Your APIs Over-Sharing?

February 15, 2022
5 minutes
Dan Barahona
Dan Barahona

3 Steps for an Effective API Testing Process

February 13, 2022
5 minutes
Dan Barahona
Dan Barahona

API Security Best Practices: Stop Breaches Before They Start

February 9, 2022
5 minutes
Dan Barahona
Dan Barahona

MuleSoft API Security Best Practices Your Dev Needs to Know About

February 8, 2022
5 minutes
Dan Barahona
Dan Barahona

The Hidden Cost of Late API Bug Discovery

February 5, 2022
5 minutes
Dan Barahona
Dan Barahona

Why APIs Are Quietly Your Largest Risk

February 2, 2022
5 minutes
Dan Barahona
Dan Barahona

What Is API Privacy and How to Protect Your Sensitive Data

January 29, 2022
5 minutes
Dan Barahona
Dan Barahona

API Security Glossary

January 26, 2022
5 minutes
Dan Barahona
Dan Barahona

API Security 101: The What, The How, and The Why

January 24, 2022
5 minutes
Dan Barahona
Dan Barahona

API Security: How to Add the Sec in DevSecOps

January 21, 2022
5 minutes
Dan Barahona
Dan Barahona

Why Automated Penetration Testing Is a Must

January 18, 2022
5 minutes
Dan Barahona
Dan Barahona

How to Secure an API: Best Practices

January 15, 2022
5 minutes
Dan Barahona
Dan Barahona

APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs

January 12, 2022
5 minutes
Dan Barahona
Dan Barahona

The Beginner’s Guide to REST API: Everything You Need to Know

January 6, 2022
5 minutes
Dan Barahona
Dan Barahona

Secure Token Generation: Best Practices for APIs

January 3, 2022
5 minutes
Dan Barahona
Dan Barahona

Automated API Security Testing Platform for Full Coverage

December 28, 2021
5 minutes
Dan Barahona
Dan Barahona

How to Use Apisec APIs: Simple Guide

December 11, 2021
5 minutes
Dan Barahona
Dan Barahona

What First American’s $885M Leak Teaches API Teams

December 6, 2021
5 minutes
Dan Barahona
Dan Barahona

How hackers acquired patient’s personal data from Healthline

December 1, 2021
5 minutes
Dan Barahona
Dan Barahona