ThreatX Introduced Quick Start Program for API Protection

ThreatX has introduced the API Protection Quick Start Program, which is designed to aid organizations in better protecting their APIs by quickly deploying real-time protection against botnet, DDoS, and complex, multi-mode attacks.

APIs are a gold mine for attackers because they allow applications to share data and are increasingly being used to streamline communication between consumers and business partners. As a result, API adoption has outpaced security teams’ ability to protect against threats, leaving the connected systems vulnerable. While some vendor offerings claim to provide complete API security, they frequently lack bot protection and real-time blocking capabilities, leaving customers vulnerable to threats.

Billy Toomey, Vice President of Sales at ThreatX commented, “We’ve seen firsthand that security teams are struggling to understand how to protect their organization’s APIs against real-time threats, and they’re often trying to do so with scarce time, resources, and human power. We’re thrilled to launch this program, and are confident it will empower small, midsized, and enterprise customers to begin building their API security programs with the full support of ThreatX SOC.”

ThreatX Quick Start program helps businesses get started with API protection by allowing them to build their API security program without putting their resources at risk. The program provides real-time monitoring and blocking of API attacks, allowing protection without the need for additional tools or attack data that must be analyzed after the fact. The fully managed program offers customers support from ThreatX Security Operations Center (SOC), which offers 24/7 coverage and expertise.


Neosec Launched ShadowHunt For API Security

Neosec launched ShadowHunt, a managed threat hunting service staffed by experts, to supplement its platform with human oversight from active threat hunters to identify the most hidden and obfuscated API abuse. Neosec’s SaaS platform discovers all APIs, analyzes their behavior, audits risk, and eliminates threats lurking within. It brings together security and development teams to protect modern applications at scale from threats.

Neosec applies threat hunting techniques like those used in EDR and XDR to API security. ShadowHunt provides security teams with the assurance that API security experts are investigating unusual behavior on their API estate.

Giora Engel, co-founder, and chief executive officer of Neosec stated, “The increasing potential for insiders or attackers to utilize business APIs for criminal or malicious gain requires a new level of scrutiny and sophistication. The new ShadowHunt service augments our platform with an expert team to monitor API usage and hunt for fraud, abuse, or critical vulnerabilities without any drain on an organization’s existing security team.”

Organizations can manage the growing risk of manipulation, theft, and misuse of core business systems, assets, and data by combining the ShadowHunt service with the Neosec cloud-based platform. Because APIs are increasingly used to connect important business systems to customers, suppliers, and partners, the service is ideal for companies where security teams are understaffed or lack the expertise required to identify threats in business API traffic.

The Neosec platform handles API vulnerabilities by automatically and continuously identifying all APIs in use by a company, assessing their risk posture, and monitoring user behavioral anomalies that could involve data theft or other misuses. Most businesses do not have a complete API inventory, let alone an understanding of the nature of typical API usage. The ShadowHunt service can now supplement the use of the Neosec platform with a team of experts to respond quickly to findings, investigate potential threats, and recommend immediate remediation and actions.

The ShadowHunt service and the Neosec platform work together to provide a quick way to incorporate full monitoring and investigation of anomalous business API usage without interfering with existing security operations or team workload. The combination can quickly and transparently add protection against vulnerability exploits and API business abuse.


API Security Should Be Your Priority in 2022

API security represents the application of any security best practice to APIs, which are widely used in modern applications. API security encompasses API access control and privacy, as well as the detection and remediation of API-related attacks such as API reverse engineering and the exploitation of API vulnerabilities.

Whether an application focuses on consumers or anyone else, the client side (mobile app or web app) interacts with the server side via an Application Programming Interface (API). APIs make it simple for a developer to create a client-side app. APIs enable microservice architectures as well.

An attack on an API could include bypassing the client-side application to disrupt the operation of an application for other users or to compromise private information. API security is concerned with securing this application layer and addressing what might happen if a malicious hacker interacts with the API.

According to Infosecurity Outlook, “by 2023, API abuses will be the most common attack vector resulting in data breaches for enterprise web applications. To avoid these attacks, it is best to take a continuous approach throughout the API development and delivery cycle, designing security into APIs.”

Features of API Security

API security is concerned with securing the APIs that you expose directly or indirectly. It is less concerned with the APIs you use that are provided by third parties, though analyzing outgoing API traffic can yield valuable insights that should be used whenever possible.

It’s also worth noting that API security as a practice involves several teams and systems. API security includes network security concepts like rate limiting and throttling, as well as data security, identity-based security, and monitoring.

Technology advancements such as cloud services, API gateways, and integration platforms enable API providers to secure APIs in novel ways. The technology stack you use to build your APIs has an impact on how secure they are.

Larger organizations have different departments, and they can develop their own applications using their own APIs. Large organizations also end up with multiple API stacks or API silos because of mergers and acquisitions.

As we know, API security requirements can be directly mapped to the technology of a single silo when all your APIs are contained within it. In the future, these security configurations should be portable enough to be extracted and mapped to another technology.

However, in heterogeneous environments, API security rules are typically defined using API security-specific infrastructure that operates across these API silos. The connectivity between API silos and API security infrastructure can be achieved by using sidecars, sideband agents, and APIs integrated between cloud and on-premises deployments.

API Discovery

There are numerous barriers that prevent security operatives from having full visibility into all APIs exposed by their organization. API silos reduce API visibility by providing only a subset of APIs under disconnected governance.

API discovery is a tussle between API providers and hackers who will easily exploit the APIs once discovered. API traffic metadata can be used to locate APIs before they are discovered by attackers. This information is extracted from API gateways, load balancers, or directly inline network traffic, and then fed into a specialized engine that generates a useful list of APIs that can be compared to API management layer catalogues.
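The comparison described above, as an added example that is not part of the original article: observed request paths are collapsed into endpoint templates and diffed against the management-layer catalogue. The traffic records, the catalogue and the `{id}` template convention are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: (method, path) pairs as they might be exported from a
# gateway or load-balancer access log. Not real traffic.
OBSERVED_TRAFFIC = [
    ("GET", "/v1/users/1042"),
    ("GET", "/v1/users/77"),
    ("POST", "/v1/orders"),
    ("GET", "/v1/orders/9f1c2a3e-5b6d-4c7e-8f90-123456789abc"),
    ("GET", "/internal/export/2021"),
    ("GET", "/v1/users/1042?fields=email"),
    ("DELETE", "/v1/users/55"),
]

# Constructed catalogue, as an API management layer might list it.
CATALOGUE = {
    ("GET", "/v1/users/{id}"),
    ("POST", "/v1/orders"),
    ("GET", "/v1/orders/{id}"),
    ("GET", "/v1/invoices/{id}"),
}

UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)


def normalise(path):
    """Collapse a concrete request path into an endpoint template."""
    path = path.split("?", 1)[0]  # the query string is not part of the endpoint
    segments = []
    for seg in path.strip("/").split("/"):
        # Numeric and UUID segments are treated as resource identifiers.
        if seg.isdigit() or UUID_RE.match(seg):
            segments.append("{id}")
        else:
            segments.append(seg)
    return "/" + "/".join(segments)


def discover(traffic):
    """Count requests per (method, endpoint template) seen in traffic."""
    return Counter((method, normalise(path)) for method, path in traffic)


def compare(observed, catalogue):
    """Diff the endpoints seen in traffic against the documented catalogue."""
    seen = set(observed)
    return {
        # Served in production but absent from the catalogue: shadow APIs.
        "shadow": sorted(seen - catalogue),
        # Documented but never observed: stale entries or unmonitored routes.
        "unobserved": sorted(catalogue - seen),
    }


if __name__ == "__main__":
    inventory = discover(OBSERVED_TRAFFIC)
    report = compare(inventory, CATALOGUE)
    for method, template in report["shadow"]:
        print(f"shadow      {method:6} {template}  hits={inventory[(method, template)]}")
    for method, template in report["unobserved"]:
        print(f"unobserved  {method:6} {template}")
```
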

OAuth and API Access Control

To limit API resources to only those users who should be able to access them, the user, as well as any applications acting on their behalf, must be identified. This is typically accomplished by requiring client-side applications to include a token in API calls to the service, which can then validate that token and retrieve user information from it. OAuth is the standard that describes how a client-side application first obtains an access token. OAuth defines numerous grant types to accommodate different flows and user experiences.

API Data Governance and Privacy Protection

API leaks occur because data flows through APIs. As a result, API security must also include inspecting the structured data flowing into and out of your APIs and enforcing rules at the data layer.

Because data in your API traffic is structured predictably, inspecting API traffic is an excellent way to enforce data security. API data governance, in addition to [yes/no] type rules, allows you to transform the structured data in your API traffic in real time for redaction purposes. This pattern is commonly used to redact specific fields that may contain information that a user’s privacy settings dictate should be hidden from the requesting application.
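The redaction pattern described above, as an added example that is not from the original article: a response body is either blocked outright (the yes/no rule) or rewritten so that fields the user has hidden from the requesting application are masked. The settings table, field paths and application names are constructed assumptions.

```python
import json

# Constructed privacy settings: for each user, the dotted field paths that
# must be hidden from each client application. An application that is not
# listed for a user gets no data at all (the yes/no rule).
PRIVACY_SETTINGS = {
    "user-17": {
        "partner-app": {"email", "address.street", "contacts.email"},
        "first-party-app": set(),
    },
}
REDACTED = "[REDACTED]"


def redact(payload, hidden_paths, prefix=""):
    """Return a copy of payload with every path in hidden_paths masked."""
    if isinstance(payload, dict):
        out = {}
        for key, value in payload.items():
            path = f"{prefix}.{key}" if prefix else key
            if path in hidden_paths:
                out[key] = REDACTED  # mask the whole value, whatever its type
            else:
                out[key] = redact(value, hidden_paths, path)
        return out
    if isinstance(payload, list):
        # List items share the path of the list itself ("contacts.email").
        return [redact(item, hidden_paths, prefix) for item in payload]
    return payload


def govern_response(body, user_id, client_app):
    """Apply the yes/no rule, then redact. Returns JSON text or None."""
    apps = PRIVACY_SETTINGS.get(user_id, {})
    if client_app not in apps:
        return None  # fail closed: unknown user or application gets nothing
    return json.dumps(redact(json.loads(body), apps[client_app]))


# Constructed response body for the sample user.
SAMPLE_BODY = json.dumps({
    "id": "user-17",
    "email": "a@example.test",
    "address": {"street": "1 Main St", "city": "Springfield"},
    "contacts": [{"name": "B", "email": "b@example.test"}],
})

if __name__ == "__main__":
    for app in ("first-party-app", "partner-app", "unknown-app"):
        print(app, "->", govern_response(SAMPLE_BODY, "user-17", app))
```
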

API Threat Identification

API threat detection is a logical extension of general threat protection measures. APIs, for example, are frequently protected by a firewall, which provides some basic security. APIs are sometimes protected by a web application firewall (WAF). A WAF may scan API traffic to detect signature-based threats such as SQL injections and other injection attacks. API gateways also play a role in API-specific threat detection. A gateway may impose a strict schema on the way in as well as general input sanitization. In addition to acting as a policy enforcement point, it will look for deep nesting patterns and XML bombs, and apply rate limits.
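Two of the gateway checks named above, as an added example that is not from the original article or any gateway product: a nesting-depth scan that runs on the raw body before the JSON parser sees it, and a per-client token-bucket rate limit. The class names, limits and status codes are assumptions chosen for illustration.

```python
import json


def json_nesting_depth(text):
    """Maximum bracket depth of raw JSON text, without parsing it.

    Scanning before parsing means a deeply nested body is rejected before
    it can exhaust the parser's recursion or memory.
    """
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            # Brackets inside string literals do not count as nesting.
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "]}":
            depth -= 1
    return max_depth


class TokenBucket:
    """Allows `burst` requests at once, refilled at `rate` tokens per second."""

    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def allow(self, now):
        elapsed = now - self.stamp
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    """Policy enforcement point: rate limit first, then structural checks."""

    def __init__(self, max_depth=5, rate=1.0, burst=2):
        self.max_depth, self.rate, self.burst = max_depth, rate, burst
        self.buckets = {}

    def check(self, client_id, body, now):
        """Return (status, reason) for one request body from one client."""
        bucket = self.buckets.setdefault(
            client_id, TokenBucket(self.rate, self.burst, now)
        )
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        if json_nesting_depth(body) > self.max_depth:
            return 400, "nesting too deep"
        try:
            json.loads(body)
        except ValueError:
            return 400, "malformed JSON"
        return 200, "ok"


if __name__ == "__main__":
    gw = Gateway()
    # Constructed requests: (client, body, arrival time in seconds).
    for client, body, t in [
        ("client-a", '{"order": {"id": 1}}', 0.0),
        ("client-a", "[" * 50 + "]" * 50, 0.0),
        ("client-a", "{}", 0.0),
        ("client-a", "{}", 1.0),
    ]:
        print(t, gw.check(client, body, t))
```
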

API Analytics and Behaviour

An AI engine can build models for what normal API traffic looks like using API traffic metadata and then use this model to look for anomalous behavior. These anomalies can aid in the detection of ongoing attacks, but they can also indicate system misbehaviors and other non-malicious disruptions to your services, such as friendly fire. Such a layer can pinpoint the source of this attack or misbehavior by analyzing API traffic metadata, and this information can then be used to cease the incident in progress and fix it.

Conclusion

APIs are highly regarded targets for malicious actors and are expected to become the primary attack vector. APIs require a dedicated approach to security and compliance due to the critical role they play in digital transformation and the access to internal sensitive data and systems they provide.


Snyk Secures $75 Million Funding

Snyk, the global leading developer security firm, announced that it has raised $75 million in a Series F funding round from Atlassian Ventures and Salesforce Ventures. Snyk is committed to advancing developer security by equipping millions of development partners to build security in early on without sacrificing the speed that their business needs to compete successfully. The round pushes the value of the company to $8.6 billion, and the capital total to $850 million, more than 10% of which comes directly from Atlassian Ventures and Salesforce Ventures.

In close collaboration with Snyk, Atlassian and Salesforce aim to facilitate identifying, fixing and monitoring vulnerabilities in their existing workflows for the global developer population – estimated at 26.2 million by 2020 and expected to reach 43.2 million by 2025.

“For Atlassian and Salesforce, this investment in Snyk is more than just capital. Like Snyk, these two industry leaders are fiercely committed to empowering developers to embed security into the entire application. We are humbled by their true, long-term commitment to evolving the legacy security industry through a developer-led approach,” said Peter McKay, CEO, Snyk.

“The desire to do things differently inspires us, and Snyk is reinventing the way organizations think about security. They are a vital part of our ecosystem, tightly integrated into our core products. We’re thrilled to further support their journey and together increase the millions of developers that benefit from their work,” said Chris Hecht, Head of Corporate Development, Atlassian.

“As an early investor since the company’s Series B, we are excited to deepen our partnership and continue to support Snyk as the leader in developer security. Snyk’s vision to empower developers to drive greater agility and digital transformation resonates, and we are excited to support them as both an investor and customer,” said Alex Kayyal, SVP & Managing Partner, Salesforce Ventures.

Neosec raises $20.7 Million in Series A Funding To Protect APIs Against Business Abuse And Data Theft

Neosec announced that it has emerged out of stealth mode and closed a $20.7 million Series A funding round led by True Ventures, New Era Capital Partners, TLV, and SixThirty, as well as security gurus Mark Anderson, Gary Fish, Mickey Boodaei, Rakesh Loonkar, and Shailesh Rao.

The firm is taking a different approach than today’s traditional application security products, which often rely on signature-based approaches to secure a perimeter. Instead, Neosec uses known XDR (Extended Detection and Response) security approaches, such as precise behavioural analytics, to uncover vulnerabilities and business abuse hidden within APIs.

“Today’s new applications are all API-driven, which creates a new attack surface that puts business fundamentals at risk. Traditional application security techniques are scarcely relevant in a cloud and API-first world,” said Brian Sack, principal at TLV Partners.

APIs are the foundations of digital business, and they accelerate innovation and software development by allowing organisations, partners, and services to communicate seamlessly. While several security solutions promise to secure APIs today, the majority rely on traditional signatures, allowing API calls to proceed without any practical checks of their usage. These systems have no way of detecting bad conduct in APIs, so they let authenticated clients engage with them as they see fit, presuming they’re safe and allowed.

“Today, APIs contain both money and data as well as govern key interactions within a business and to customers, partners and suppliers. Every API is a window into an organization’s business systems and potentially exposes key business logic and processes. Ignoring this blind spot is no longer an option, so the need for a new approach to API security is critical,” said Puneet Agarwal, partner at True Ventures.

Neosec learns every API user’s and client’s baseline behaviour automatically, correlating and profiling different entities such as users, customers, business processes, and partners. It allows users to see, investigate, and hunt for threats utilizing precise timelines of each user entity’s activities.

“One of the greatest challenges facing cybersecurity is the severe lack of logical visibility and behavioral assessment of APIs. Existing technologies were not created to address the incredible exposure organizations now have through their APIs. We created an entirely new approach based on data analytics to provide a complete understanding of all API interactions. It is fully automated, SaaS delivered and able to protect increasing exposure through digital business,” said Engel.

Vulnerability Management – Insights

The process of identifying, analyzing, classifying, and remediating vulnerabilities depending on the risk they constitute to an organization is known as vulnerability management (VM). A vulnerability scanner is the key technical component of this procedure since it detects resources connected to a company’s network and assesses them for vulnerabilities.

A vulnerability scanner scans a computer system for known vulnerabilities such as unsecured software setups, open ports, and malware infection susceptibility. A zero-day vulnerability is one that is unknown or brand new. Exploiting flaws in operating systems, devices, browsers, and third-party applications to infect end-user devices is the first step in cyber attacks and security breaches. Identifying and repairing these vulnerabilities before cybercriminals can exploit them is a preventive security technique that should be included in any security program.

The Elements of Vulnerability Management are –  

Plan: Initiate by specifying the scope of the vulnerability management system, including what will be scanned and how it will be scanned. Security teams need to decide the frequency of scanning. Security teams must decide which resources are the most important and who has authority over them.

Scan: An organization’s entire network is scanned for vulnerabilities, insecure devices and software setups, and compliance with security regulations. Internal scanning evaluates the cybersecurity of an organization’s network inside the firewall, whereas external scanning is done from the outside. Scanning both internally and externally provides a complete picture of risks.

Remediate: Remediation priorities are set based on the severity of the threat and importance of the resource for an organization, and then it is assigned to an employee who will be remediating the vulnerability. Low-level vulnerabilities are resolved after high or critical vulnerabilities.

Track Progress: A company needs to check the success of its vulnerability management programme. To do this, companies need to define a baseline, set success indicators, and track progress towards their goals. Companies need to improve their vulnerability management system, so they need to add the latest or newly discovered zero-day vulnerabilities to their database.

Proof of Concept

This proof-of-concept helps to understand the technical and financial implications of the vulnerabilities. It also helps in remediating vulnerability.

Risk Scoring

Thousands of vulnerabilities are discovered in an organization. Organizations need an advanced risk rating algorithm to figure out which systems to patch first for effective prioritization. To automate the prioritising of vulnerabilities, the risk score should include threat parameters such as exposure to exploits and viruses, and duration of vulnerability.

Scalability

As a company grows, so should its vulnerability management solution’s capacity. Companies should be able to increase capacity at small expense by adding scan engines to their current solution. The solution vendor should have expertise with similar-sized installations in larger environments.

Report Customization and Consolidation

Security teams can centrally manage prioritisation and remediation across the firm’s entire network, as well as monitor security risk and compliance trends, by combining data reports collected from each scan engine. On a single dashboard or user interface, the VM solution displays vulnerabilities, customizations, policy compliance, and other asset information like installed software. 

Bug Bounty and Vulnerability Disclosure Programs

Official vulnerability disclosure programs and policies define parameters for security researchers, obligate businesses to avoid legal action if others follow their rules, and provide instructions on how to report vulnerabilities discovered. Some organizations offer monetary or other incentives to encourage responsible security researchers to work in good conscience. The incentives are commonly referred to as the “bug bounty” program. Several specialized organizations that are well-known in the security researcher community provide bug bounty program management and support services. Following the discovery of a vulnerability, companies generally issue a software patch or other fix.

The majority of cyber-attacks happen because there is a flaw or vulnerability in the software. Identifying vulnerabilities and fixing them is a crucial step. 100% secure software doesn’t exist; thus, finding the flaws and fixing them is a continuous process that improves software security. Hence, the cyber security market share of vulnerability management solutions is increasing.

JupiterOne Integrations Increase Value and Context for Cyber Assets

JupiterOne, a vendor of cyber asset management and governance solutions, has launched three new industrial integrations for its security platform: Cobalt, PagerDuty, and Amazon Web Services (AWS).

JupiterOne clients gain visibility throughout their environment and enrich their existing workflows with new knowledge about their relationships with the help of these strategic integrations. JupiterOne’s API-driven platform connects relevant metadata from new infrastructure and security tooling to provide value to their existing technologies.

JupiterOne’s platform uses contextual linkages to bridge the gap between a typical IT configuration management database (CMDB) and security solutions, reinventing how cyber asset management is done. As a result, AWS, Cobalt’s penetration testing service and PagerDuty’s digital operations management platform may provide consumers with more information regarding cloud configuration.

“We’re seeing more customers centralizing and automating their entire toolchain as a broader, more strategic initiative within their organizations. This model must be built on the foundation of understanding around how all cyber assets connect to each other. We’re proud to formally collaborate with AWS, Cobalt, and PagerDuty to become the glue that enterprises need to gain visibility and contextual knowledge across those complex environments. We help our customers discover unknown risks and reduce manual efforts on day-to-day security operations. What sounds simple can be an overwhelming challenge to do well consistently and at scale,” said Erkang Zheng, Chief Executive Officer of JupiterOne.

“Digital value created by organizations doesn’t exist in silos and security shouldn’t either. For companies to be successful they need to know what’s in their environment and how their technology assets are connected to each other in a meaningful way. Our partnership with JupiterOne is about adding more context to the cyber assets and relationships that ultimately bring value to an organization,” said Caroline Wong, Chief Security Officer of Cobalt.

“JupiterOne and AWS have been working together for a number of years resulting in a strong integration between our platforms. Today we are announcing a leveling up of our joint capabilities. Extending cyber asset relationship-based security and governance across so much of AWS’s technology brings a wealth of security context and a significant improvement in cloud native cyber security to our joint customers,” said Dudi Matot, Principal Segment Lead in Security, Amazon Web Services.

Toyota Tsusho and Cybellum partners for Distribution Provider of Security Services for Automobiles

Toyota Tsusho Corporation (“Toyota Tsusho”) announced a distribution agreement with Cybellum Technologies Ltd. (“Cybellum”), an Israeli startup that provides security services for autos. Toyota Tsusho is the first company to reach a deal with a distributor in Japan. Toyota Tsusho is a member of the Toyota group, a global corporate enterprise. The purpose is to help Japanese automakers and suppliers succeed.

Year after year, the number of connected cars with communication modules grows. With the development of connected cars, security measures against cyber security threats are urgently required; the UN subcommittee on cyber security countermeasures (UNR155) has approved laws, and measures are being taken in each country. Because vehicle manufacturers must respond to UNR155 starting in July 2022, it is projected that the organizational structure and process construction for cyber-attacks will become a concern in Japan.

Toyota Tsusho will provide the Cybellum Cyber Digital Twins platform to OEMs and automotive suppliers based in Japan. Toyota Tsusho’s deep expertise and rich experience in the automotive industry along with the strong automotive cybersecurity risk assessment expertise of Cybellum combine to create a powerful alliance. This close cooperation will ensure that Cybellum’s Cyber Digital Twins platform is available for the Japanese automotive industry to use, and is tailored to their specific needs.

Toyota Tsusho will sell Cybellum’s vulnerability management technology to Japanese automakers to enable connected car cyber risk countermeasures from development to post-launch.

TripActions chooses Salt Security to protect the APIs operating its cloud-based corporate travel management platform

TripActions, the fastest-growing travel and expenditure management platform, has installed the Salt Security API Protection Platform to secure the APIs that underpin its platform, according to Salt Security, the leading API security business. TripActions was able to identify potential API issues and exposed data due to the Salt platform’s ongoing discovery capabilities. The platform has also provided the organization with remediation insights into possible vulnerabilities, which it can employ to strengthen its API security posture.

With the commencement of the COVID-19 epidemic, TripActions, a global leader in corporate travel and spend management, quickly changed operations to adapt to a rapidly evolving travel sector. First, the organization made certain that it could assist clients and their families in returning home safely and quickly. The company then expanded its operations to include a wide range of safety services as well as increased business capabilities including real-time analytics. As a result of these modifications, the company’s API footprint grew quickly. The firm also took advantage of the event to debut TripActions Liquid™, a new all-in-one travel and spending management system. The company’s push into the FinTech sector is formalized with the development of this platform, which increased the company’s reliance on APIs even further. TripActions was able to ensure that its APIs were secure during the development and runtime phases of these extensions and that the protection would scale with the platform’s growth.

“Last year brought a major shift in the needs of our customers, which inspired us to launch creative new services. With APIs as part of the very foundation of TripActions, platform expansion created a broader attack surface, along with the corresponding potential for risk and exposure,” said Tarik Ghbeish, product security engineer, TripActions. “Traditional tooling such as WAFs and gateways are not able to stop API attacks. Salt Security brings unique capabilities to find and stop API attacks. It also provides rich discovery of our APIs and exposed data – all at the comprehensive scale we need.”

The Salt Security API Protection Platform delivers full coverage across all APIs for API-first enterprises, providing valuable analysis, context, and remedial insights needed to defend APIs against attacks. Its patented artificial intelligence (AI) and big data engine can detect early warning signs of an attack, stop attackers in their tracks, and turn attackers into penetration testers, giving useful insights that can be used to identify and eliminate vulnerabilities, preventing sensitive data from being exposed. TripActions has found the Salt platform to be particularly helpful in identifying and safeguarding shadow APIs, detecting attackers, and getting remedial information to help enhance API security posture on a continuous basis.

“TripActions’ innovative capabilities bring corporate travel, finance, billing, and expense management into a single platform. As the company has scaled its applications to meet the demands of the changing business landscape, its platforms – like with most companies driving digital innovation – become increasingly reliant on a quickly growing number of APIs. Many innovators are faced with this challenge of ever-growing API-connected ecosystems, which hackers are increasingly targeting as a lucrative treasure trove. Salt Security makes it possible to stop attackers in their tracks while remediating exposures and vulnerabilities that can emerge when developing application environments to eliminate blind spots and create sustained improvements in an organization’s security program,” said Roey Eliyahu, CEO and co-founder of Salt Security.

Salt Security introduced Salt Labs to increase API Security awareness around the world

Salt Security, the industry’s leading API security firm, announced the launch of Salt Labs, a new public forum for sharing API vulnerability research. Salt Labs will be a resource for organizations wishing to protect infrastructure against API risk through vulnerability and threat research, as well as industry reports. It will also raise public awareness about API security threats, supporting Salt Security’s aim of providing comprehensive API security and accelerating corporate innovation by making APIs attack-proof.

Concerns about API security have become a huge obstacle to company innovation. According to the Salt Security State of API Security Report, 66 percent of companies have put off deploying a new app due to API security concerns. To address these concerns, Salt Labs will publish research and studies that businesses can utilize to strengthen their API security posture and prevent dangers to API-centric enterprises. Salt Labs will focus on offering high-impact threat research, identifying the latest API attack vectors, and giving remediation best practices to make API security programs more agile and actionable, using a strong technical understanding of API risks, security flaws, and misconfigurations.

“APIs represent an important and often overlooked threat vector that presents a range of challenges often not included in research efforts. We look forward to the dividends of the public research efforts of Salt Labs, which will increase our awareness of emerging API risks and help us harden our application environments to better protect both our employees and customers,” said Steve Ward, CISO, The Home Depot.

To date, the private sharing of API threat research findings has emphasized the need for further education about critical API security challenges and vulnerabilities, which are frequently assumed to be mitigated by traditional solutions like Web Application Firewalls (WAFs) and API gateways. Salt Labs’ goal is to improve users’ ability to spot security flaws in their own APIs, allowing them to take strong, proactive steps to harden their APIs and back-end systems. As a result, more businesses will be able to protect and maintain the integrity of sensitive consumer and business-critical data.

“With the growth of APIs and the central role they play in today’s application environments, the need for unbiased, relevant, and reliable research has prompted us to share the groundbreaking API security research that our team has been conducting for years. Salt Labs is dedicated to extending the safety of enterprises as they innovate in our increasingly digital and connected world. By now making this research public, we will increase education around API security and related attack vectors so that organizations of all types can strengthen their API security measures,” said Roey Eliyahu, co-founder and CEO, Salt Security.