735 matches found

Wallarm Lab
added 2025/01/08 1:47 p.m., 4 views

Effective API Throttling for Enhanced API Security

APIs are the backbone of modern digital ecosystems, but their misuse can expose systems to cyber threats. Effective API throttling not only optimizes performance but also acts as a critical defense mechanism against abuse, such as denial-of-service attacks. Discover how this powerful strategy...

AI score 7.7 | Exploits 0

Wallarm Lab
added 2024/12/23 10:13 a.m., 15 views

Top Open Source API Security Tools

The modern world relies on Application Programming Interfaces (APIs). They allow applications to communicate with each other, servers, and consumers to facilitate data sharing and simplify application development. Without them, the internet would be unrecognizable. However, APIs also present a...

AI score 8.4 | Exploits 0

Wallarm Lab
added 2024/12/04 1:19 p.m., 10 views

Protecting Against Bot-Enabled API Abuse

APIs have become the backbone of modern digital ecosystems, powering everything from mobile apps to e-commerce platforms. However, as APIs grow in importance, they also become prime targets for malicious actors. Increasingly, bots are being weaponized to exploit vulnerabilities, overwhelm systems...

AI score 7.5 | Exploits 0

Akamai Blog
added 2024/11/27 1:00 p.m., 9 views

Akamai Leads the Way in API Security: GigaOm Radar for API Security Report

...

AI score 7.3 | Exploits 0

NVD
added 2024/11/15 5:15 p.m., 21 views

CVE-2024-52523

Nextcloud Server is a self-hosted personal cloud system. After setting up a user- or administrator-defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing them to be read in plain text when an attacker already has access to an active sessi...

CVSS 6.5 | EPSS 0.0063 | Exploits 0 | References 3

Nextcloud
added 2024/11/15 1:08 p.m., 23 views

Custom defined credentials of external storages are sent back to the frontend

None...

CVSS 6.5 | AI score 5.1 | EPSS 0.0063 | Exploits 0 | References 3 | Affected software 1

Cvelist
added 2024/11/15 12:00 a.m., 14 views

CVE-2024-50647

The python food ordering system V1.0 has an unauthorized-access vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 and modify the ID value to obtain sensitive user information beyond their authorization...

EPSS 0.00468 | Exploits 0 | References 2

Wallarm Lab
added 2024/11/13 3:23 p.m., 11 views

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast...

AI score 7.4 | Exploits 0

Wallarm Lab
added 2024/11/12 7:09 p.m., 5 views

Context is King: Using API Sessions for Security Context

There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and the increase in publicized API vulnerabilities have pushed API security to the top of CISOs’ lists. The tools in the market for API security still have room for improvement, of course. One of...

AI score 7.3 | Exploits 0

Qualys Blog
added 2024/11/05 7:59 p.m., 6 views

Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)

In the ever-evolving cybersecurity landscape, securing web applications and APIs is no longer an option—it’s a necessity. As organizations face increasingly complex threats, ensuring the integrity of these digital assets has become paramount. However, it’s easy to feel overwhelmed by the sheer...

AI score 7.4 | Exploits 0

CVE
added 2024/10/29 2:36 p.m., 102 views

CVE-2024-50334

Scoold

CVSS 8.7 | AI score 5.6 | EPSS 0.01008 | In wild | Exploits 0 | References 1 | Affected software 1

Wallarm Lab
added 2024/10/25 12:09 p.m., 11 views

Reducing False Positives in API Security: Advanced Techniques Using Machine Learning

False positives in API security are a serious problem, often resulting in wasted results and time, missing real threats, alert fatigue, and operational disruption. Fortunately, however, emerging technologies like machine learning (ML) can help organizations minimize false positives and streamline t...

AI score 7.8 | Exploits 0

Wallarm Lab
added 2024/10/24 12:21 p.m., 12 views

How Security Edge Revolutionizes API Security

Wallarm’s Security Edge is setting a new standard in API security—far beyond the reach of traditional Content Delivery Networks (CDNs). Let’s get it straight: Security Edge is not just a new addition to the API security market; it’s a disruption. Designed to deliver fast, effective, and advanced AP...

AI score 7.8 | Exploits 0

OSV
added 2024/10/11 6:32 p.m., 7 views

GHSA-6H64-G7CJ-HJ56 Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the...

CVSS 6.9 | AI score 4.5 | EPSS 0.00353 | Exploits 1 | References 4

Akamai Blog
added 2024/10/10 1:00 p.m., 17 views

Beyond the Edge: Complementing WAAP with Always-On API Security

Learn best practices for API security — and explore why WAAP on its own isn’t enough...

AI score 7 | Exploits 0

Wallarm Lab
added 2024/10/09 7:19 a.m., 12 views

Choosing the Right Deployment Option for Your API Security Solution

You need an API security solution. That much is a given (although some may argue it isn’t!). While essential for business growth and innovation, APIs, or Application Programming Interfaces, expose the organizations that use them to cyber threats. Attackers are both aware of and actively exploiting...

AI score 6.8 | Exploits 0

Akamai Blog
added 2024/09/26 11:00 a.m., 6 views

End-to-End Security for APIs: From Development Through Retirement

...

AI score 7.3 | Exploits 0

CVE
added 2024/09/24 7:25 a.m., 200 views

CVE-2024-21545

Summary of CVE-2024-21545 (Proxmox VE): A defect in Proxmox Virtual Environment allows an authenticated user with ‘Sys.Audit’ or ‘VM.Monitor’ privileges to read arbitrary host files via the API by leveraging the handle_api2_request logic that reads a local file when a malicious download object i...

CVSS 8.2 | AI score 6.8 | EPSS 0.00361 | Exploits 1 | References 2

Github Security Blog
added 2024/09/23 8:30 p.m., 34 views

lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)

Summary: The SSRF protection implemented in https://github.com/lobehub/lobe-chat/blob/main/src/app/api/proxy/route.ts does not consider redirects and could be bypassed when an attacker provides an external malicious URL which redirects to internal resources such as a private network or loopback address. PoC 1. Ru...

CVSS 9 | AI score 6.6 | EPSS 0.10788 | Exploits 2 | References 6 | Affected software 1

OSV
added 2024/09/20 3:45 p.m., 13 views

GHSA-RXQ8-Q85F-M866 Prevent XSS from Confidant API call

Impact: What kind of vulnerability is it? Who is impacted? Potential XSS from the API calls below: GET /v1/credentials, GET /v1/credentials/, GET /v1/archive/credentials/, GET /v1/archive/credentials, POST /v1/credentials, PUT /v1/credentials/, PUT /v1/credentials//, GET /v1/services, GET /v1/services/, GET...

CVSS 5.1 | AI score 4.9 | EPSS 0.00338 | Exploits 0 | References 7
