THREATX Blog

Latest THREATX Blog

Follow along for product updates, threat research, and strategies for overcoming the challenges of modern security teams.

  • 06-Jul-2022

How Not to Protect APIs From Attack

It has been a couple of weeks since the return of RSA Conference to San Fran’s Moscone Center. There was a ton of energy on the floor, and those who attended were genuinely excited to be back in person. For ThreatX, it was a great opportunity to talk with a slew of security professionals about their challenges and priorities. A number of times, those we spoke with commented that APIs seemed to be a major theme at the conference. Along those lines, I’m not sure if it was intentional or not, but there was even a mini-API security tool pavilion in Moscone South where Salt Security, Noname Security, and others were a stone’s throw from one another. Beyond that, API messaging was sprinkled throughout the show floor, including at our booth, where “API Protection” was prominently on display.

  • 06-Dec-2021

Why Signature Based Detection Struggles to Keep Up With the New Attack Landscape

Change is an inherent part of cybersecurity as attackers constantly look for new ways to evade and subvert existing controls. However, every once in a while, attackers or defenders will make an evolutionary leap forward that goes beyond the incremental back and forth that normally defines the threat landscape. In these cases, security teams can find that their security tools are built for playing checkers while the attackers have moved on to playing chess.

  • 21-Jun-2022

Why the Long View Matters in API Attack Protection

In API attack protection, context is key. The old-school method of looking for attack signatures then swatting away threats as they emerge will not be effective against contemporary API attacks. Attackers are sophisticated, stealthy, and patient: API attacks don’t always look overtly malicious, and attackers frequently take their time, making the long view a critical defense.

  • 27-Jun-2022

How to Use API Schema to Improve API Protection

What Is an API Schema? The RESTful API design pattern is in use by an overwhelming majority of enterprise software projects that rely on machine-to-machine communication. The OpenAPI Standard, now in its third revision (OAS3), defines the functionality built into RESTful APIs, allowing automatic documentation, creation of test cases, and general “discoverability” of API resource specifications and service definitions. Colloquially, this OpenAPI Standard definition is called an API schema. API schemas are critical in microservice mesh architecture, in client-server architecture, and in a great deal of automated tooling and build system automation. They’re also quite useful for adding another layer of security to your APIs. API schemas give you the ability to define the expected usage of API endpoints, and then let you compare that definition to how the endpoints are actually being used. With this information, you can find the places where expectation and reality don’t match up and make informed decisions on how to respond.

  • 25-May-2022

The Definitive Guide to API Attack Protection

In recent months, we’ve been fielding a lot of questions about API security from our prospects and customers. We know it’s top of mind for many security professionals today, and it’s why we were thrilled to help play a role in creating The Definitive Guide to API Attack Protection. This new book, authored by Crystal Bedell and published by Cyber Edge Press, is your roadmap to understanding APIs and what it takes to protect them. In six easy-to-read chapters filled with illustrations and sidebars, this Definitive Guide answers:

  • 02-Jun-2022

Broken Object Level Authorization

No. 1 on the OWASP Top 10 List of Critical API Security Risks, broken object level authorization (BOLA) is both a dangerous and common API security vulnerability. OWASP says of BOLA: “Attackers can exploit API endpoints that are vulnerable to broken object level authorization by manipulating the ID of an object that is sent within the request. This may lead to unauthorized access to sensitive data. This issue is extremely common in API-based applications because the server component usually does not fully track the client’s state, and instead, relies more on parameters like object IDs, that are sent from the client to decide which objects to access.”

© 2021 SRC Cyber Solutions LLP. All Rights Reserved.