Treblle · trebllemakers.hashnode.dev · Dec 17, 2024
Lessons in API Security: DocuSign’s API Abuse
API abuse has become a significant concern in recent years, with incidents increasing by 35% over the past two years. This rise highlights cybercriminals' growing exploitation of APIs, as seen in the recent DocuSign incident. Attackers leveraged legi...
api security

Treblle · trebllemakers.hashnode.dev · Dec 9, 2024
SSRF vs CSRF: What is Server-Side Request Forgery?
Most developers will have heard of Cross-Site Request Forged (CSRF) before. It’s a constant threat that affects any website with a form or that performs any actions, and we typically have to mess around with CSRF tokens, XSRF headers, SameSite cookie...
api security

Treblle · trebllemakers.hashnode.dev · Dec 3, 2024
A Gateway to API Observability: Treblle & Traefik Enter a Game-changing Partnership
Sophisticated API runtime management paired with a smart platform that serves users the right API observability data and metrics sounds like a supremely valuable solution to API leaders and practitioners. This is why we’re extremely excited to announ...
APIs

Treblle · trebllemakers.hashnode.dev · Nov 27, 2024
It’s an API; do I really need to escape anything?
Let’s discuss escaping output with APIs, as I’ve found this is an area that’s often overlooked and may come back to bite you. I once found a vulnerability in a popular open-source project that made the unfortunate assumption that API output didn’t ne...
api security

Yilia Lin · api7.hashnode.dev · Nov 14, 2024
API7 Enterprise v3.2.16.4 Supports Webhook/Email Alerts Notifications
To address the surge in enterprise data volume and the increased complexity of system monitoring, API7 Enterprise has fully upgraded the alerting functionality in version 3.2.16.4. The new version introduces contact points that allow users to integra...
10 likes · alerting

Treblle · trebllemakers.hashnode.dev · Nov 14, 2024
The Hidden Dangers of API Security in Mobile Apps
As a backend PHP developer and a security consultant, the only thing that terrifies me more than a SPA on top of a stateless API is a mobile app! Authentication (and authorization) in a traditional PHP app is relatively easy: give the user a secure c...
api security

Yilia Lin · api7.hashnode.dev · Nov 7, 2024
API7 Enterprise v3.2.16.3 Integrates with AWS Secrets Manager
In API7 Enterprise, you may store a large amount of sensitive information, such as SSL certificates and private keys, usernames and passwords of consumer authentication credentials, and that required by certain plugins to connect to external systems....
10 likes · api security

Oluwajuwon Falore · oluwajuwonfalore.hashnode.dev · Oct 26, 2024
Rate Limiting in Golang: Understanding Fixed and Sliding Windows Algorithm
Imagine you're at an amusement park waiting for a ride. Only a certain number of people are allowed to board each hour. If the line gets too long, anyone arriving has to wait until the next hour before they can board. This idea of restricting access ...
10 likes · 30 reads · golang

Yilia Lin · api7.hashnode.dev · Oct 23, 2024
Apache APISIX Integrates with open-appsec WAF
Introduction: open-appsec WAF is excited to announce a new integration with the open-source API gateway Apache APISIX. This new collaboration between the open-appsec and API7 teams now allows users to protect their web APIs and other web services expo...
Apache APISIX

Niranjan A S · niranjan-as.hashnode.dev · Oct 22, 2024
Crucial API Security Guidelines for Developers 🔒
In today's digital ecosystem, APIs are the backbone of web and mobile applications, enabling seamless communication between systems. However, with the increased reliance on APIs, ensuring their security is more important than ever. A security breach ...
47 reads · APIs