Beau CarnesforfreeCodeCampfreecodecamp.org·Jan 30, 2025Learn the Basics of API SecurityAPIs (Application Programming Interfaces) are the backbone of modern software applications, enabling seamless communication between different systems and services. However, this interconnectedness also makes them a prime target for cyberattacks. API ...api security
Egor Kaleiniktechandbeyond.hashnode.dev·Jan 29, 2025Beyond firewalls: How DevSecOps reinvents SaaS API securityThe rising security challenges in SaaS: Why it’s time to rethink your defense SaaS security isn’t what it used to be. The game has changed, and so have the threats. Attacks are getting faster, smarter, and more ruthless — just look at the numbers. Ac...DevSecOps
Treblletrebllemakers.hashnode.dev·Jan 20, 202530,000 APIs Exposed: Lessons from the Postman Data BreachSummary • Postman data leak exposed over 30,000 public workspaces, revealing sensitive information like API keys, tokens, and credentials due to misconfigured sharing settings. • Poor security practices, including inadequate secrets management, failu...APIs
Swarup Kanadeswarupkanade.hashnode.dev·Jan 16, 2025Spring Boot Security: How to Implement JWT Authentication with Refresh TokenJSON Web Tokens (JWT) have become the industry standard for authentication in modern web applications. This guide walks through implementing JWT authentication in a Spring Boot application, adding a refresh token mechanism for enhanced security and a...RESTful API Security
Fırat TONAKfirattonak.com·Jan 15, 2025Enhancing API Security with Middleware: Filtering and Masking Requests in .NET CoreMiddleware is a key part of how modern web apps are built, working as a middle layer that handles requests and responses. In API systems, middleware helps make things safer, work better, and follow rules about protecting data. One big problem develop...30 readsASP.NET Core SnippetsRequest Filtering
Nainaznainaz.hashnode.dev·Dec 25, 2024Security Policy - OAuth 2.0It is an Authorization protocol, that enables applications to access information on behalf of users.In Oauth, the information is accessed from the resource using an Access token. How to get the Access token?1. The application users pass the key and s...ApigeeSecurity Policy - OAuth 2.0
Nainaznainaz.hashnode.dev·Dec 23, 2024JSON Web Signature (JWS)This policy is a data structure representing a MACed (HMAC algorithm) or digitally signed message.It is signed using a shared key or public/private key.We can choose different algorithms for these.Example:- HS256 algo uses shared key.- RS256 algo use...ApigeeJSON Web Signature (JWS)
Treblletrebllemakers.hashnode.dev·Dec 17, 2024Lessons in API Security: DocuSign’s API AbuseAPI abuse has become a significant concern in recent years, with incidents increasing by 35% over the past two years. This rise highlights cybercriminals' growing exploitation of APIs, as seen in the recent DocuSign incident. Attackers leveraged legi...api security
Treblletrebllemakers.hashnode.dev·Dec 9, 2024SSRF vs CSRF: What is Server-Side Request Forgery?Most developers will have heard of Cross-Site Request Forged (CSRF) before. It’s a constant threat that affects any website with a form or that performs any actions, and we typically have to mess around with CSRF tokens, XSRF headers, SameSite cookie...api security
Treblletrebllemakers.hashnode.dev·Dec 3, 2024A Gateway to API Observability: Treblle & Traefik Enter a Game-changing PartnershipSophisticated API runtime management paired with a smart platform that serves users the right API observability data and metrics sounds like a supremely valuable solution to API leaders and practitioners. This is why we’re extremely excited to announ...APIs
