API Security Insights and Resources

Stay informed with expert articles, guides, and the latest trends in API security

BOLA: Why It's the #1 API Security Threat and How APIsec Makes Testing Simple

April 21, 2025
Jesse Freeman
Jesse Freeman

How Software-Defined Vehicles Are Changing the Game

February 19, 2025
Dan Barahona
Dan Barahona

APIsec presents the 2024 API Security Market Report

March 13, 2024
Shelby Matthews
Shelby Matthews

The Critical Importance of Testing Internal APIs: A Holistic Approach to Cybersecurity

March 4, 2024
Stacey Levine
Stacey Levine

2024 API Security Best Practices

January 8, 2024
Dan Barahona
Dan Barahona

Upcoming DSS 4.0 Deadline for PCI Compliance

January 3, 2024
Shelby Matthews
Shelby Matthews

Edulog Parent Portal Breach: Unraveling the API Vulnerability and Safeguarding Against BOLA Threats

December 15, 2023
Shelby Matthews
Shelby Matthews

2023 OWASP API Top Ten

December 12, 2023
Shelby Matthews
Shelby Matthews

HIPAA (Data Privacy) vs 21st Century Cures Act (Interoperability): Reducing the Conflict in the Healthcare Industry

March 21, 2023
Christine Bevilacqua
Christine Bevilacqua

How to Choose an API Security Tech Stack

November 15, 2022
Dan Barahona
Dan Barahona

Top 5 Burp Suite Alternatives for API Security Testing

November 15, 2022
Dan Barahona
Dan Barahona

Burp Suite vs. OWASP ZAP - Which is Better for API Security Testing?

November 14, 2022
Dan Barahona
Dan Barahona

What the OCC's Bank Supervision Operating Plan for Fiscal Year 2023 Means for Community Banks and FinTechs

November 7, 2022
Dan Barahona
Dan Barahona

Best Penetration Testing Tools to Secure Your APIs

September 16, 2022
Dan Barahona
Dan Barahona

How to Continuously Test APIs (and Why That's Impossible for Bug Bounty Programs)

July 19, 2022
Dan Barahona
Dan Barahona

The Hidden Risks of API Monitoring That Leave APIs More Vulnerable

July 12, 2022
Dan Barahona
Dan Barahona

Shift Left Security: The Ultimate Guide

March 31, 2024
Dan Barahona
Dan Barahona

Shift Left for DevOps: Key Benefits and 5 Best Practices to Follow

May 19, 2022
Dave Piskai
Dave Piskai

Shift-left vs Traditional Testing: Your Guide to Choosing the Best Path

May 16, 2022
Dan Barahona
Dan Barahona

What is Broken Object Level Authorization (BOLA) and How to Fix It

May 11, 2022
Dan Barahona
Dan Barahona

Penetration Testing Best Practices for Every Stage of Testing

May 13, 2022
Dan Barahona
Dan Barahona

What is Business Constraint Exploitation?

May 5, 2022
Dan Barahona
Dan Barahona

Web Attacks: Intro to HTTP Verb Tampering

May 2, 2022
Wesley Meier
Wesley Meier

Sensitive Data Exposure: What It Is and How to Avoid It

April 20, 2022
Dan Barahona
Dan Barahona

Generating OpenAPI Specification (OAS) documentation for your REST APIs

October 28, 2022
Dave Piskai
Dave Piskai

How to Address Business Logic Flaws During Application Design

April 12, 2022
Dan Barahona
Dan Barahona

Business Logic vs. Application Logic: The Key Differences You Need to Know

April 10, 2022
Wesley Meier
Wesley Meier

5 Real-world Examples of Business Logic Vulnerabilities that Resulted in Data Breaches

April 7, 2022
Dan Barahona
Dan Barahona

Why Business Logic Vulnerabilities Are Your #1 API Security Risk

February 3, 2024
Dan Barahona
Dan Barahona

How Improper Assets Management Can Leave Your APIs Vulnerable to Attacks

March 28, 2022
Dan Barahona
Dan Barahona

What Is a Business Logic Layer?

March 25, 2022
Dan Barahona
Dan Barahona

FinTech API Security: How APIs Are Shaping the Future of Financial Services

March 21, 2022
Dan Barahona
Dan Barahona

How to Protect Your Bank APIs and Create a Secure Open Banking Environment

March 17, 2022
Dan Barahona
Dan Barahona

Cybersecurity in Fintech: Top 8 FinTech Cybersecurity Risks and Challenges

March 15, 2022
Dan Barahona
Dan Barahona

What Is Vulnerability Scanning and How Does It Work?

March 12, 2022
Dan Barahona
Dan Barahona

5 Best Web Application and API Vulnerability Scanners in 2022

March 9, 2022
Dan Barahona
Dan Barahona

Top 5 Best API Documentation Tools to Help Improve Adoption Rates

March 5, 2022
Dan Barahona
Dan Barahona

What Is OAuth 2.0 and How Does It Work?

March 2, 2022
Dan Barahona
Dan Barahona

5 Best API Security Testing Tools in 2022 (Ranked & Reviewed)

February 24, 2022
Dan Barahona
Dan Barahona

What is API Testing Automation? And How It Will Improve Your DevSecOps Process

February 20, 2022
Dan Barahona
Dan Barahona

API Security Checklist: What You Need To Know

February 19, 2022
Dan Barahona
Dan Barahona

Drilling Down Into Excessive Data Exposure: How to Protect Your APIs Sensitive Data

February 15, 2022
Dan Barahona
Dan Barahona

3 Steps for an Effective API Testing Process

February 13, 2022
Dan Barahona
Dan Barahona

10 Essential API Security Best Practices To Protect Your Data

February 9, 2022
Dan Barahona
Dan Barahona

MuleSoft API Security Best Practices Your Dev Needs to Know About

February 8, 2022
Dan Barahona
Dan Barahona

API Security Testing Pricing & Cost: All You Need To Know

February 5, 2022
Dan Barahona
Dan Barahona

Why APIs are Your Biggest Security Risk

February 2, 2022
Dan Barahona
Dan Barahona

What Is API Privacy and How to Protect Your Sensitive Data

January 29, 2022
Dan Barahona
Dan Barahona

A Complete List of API Terms

January 26, 2022
Dan Barahona
Dan Barahona

API Security 101: The What, The How, and The Why

January 24, 2022
Dan Barahona
Dan Barahona

API Security: How to Add the Sec in DevSecOps

January 21, 2022
Dan Barahona
Dan Barahona

Why Automated Penetration Testing Is a Must

January 18, 2022
Dan Barahona
Dan Barahona

How to Secure an API: Best Practices

January 15, 2022
Dan Barahona
Dan Barahona

APIsec Introduces First, 100% Automated, Certified Pen-Test Report for APIs

January 12, 2022
Dan Barahona
Dan Barahona

The Beginner’s Guide to REST API: Everything You Need to Know

January 6, 2022
Dan Barahona
Dan Barahona

How to Add Token Generation Code

January 3, 2022
Dan Barahona
Dan Barahona

APIsec - the Only Platform for Automated API Security Testing

December 28, 2021
Dan Barahona
Dan Barahona

How to Call APIsec APIs

December 11, 2021
Dan Barahona
Dan Barahona

First American Financial 885M Account Records First American Financial 885M Account Records

December 6, 2021
Dan Barahona
Dan Barahona

How hackers acquired patient’s personal data from Healthline

December 1, 2021
Dan Barahona
Dan Barahona

How Hackers Acquired 350K Citi Customer Records

November 29, 2021
Dan Barahona
Dan Barahona

How a Common API Flaw Gave Attackers Access to Symantec’s Customer Certificates

November 22, 2021
Dan Barahona
Dan Barahona

Simplified Analysis of Outlook Hack

November 18, 2021
Dan Barahona
Dan Barahona

5 Billion Records From 6,500 Data Breaches Exposed in 2018

November 11, 2021
Dan Barahona
Dan Barahona

What Is OWASP API Security Top 10: A Deep Dive

October 30, 2021
Dan Barahona
Dan Barahona