Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs

Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks...

From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses

The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over aga...

What CISA’s BOD 25-01 Means for API Security and How Wallarm Can Help

The US government has taken another significant step towards strengthening cloud security with the release of CISA’s Binding Operational Directive BOD 25-01. Aimed at improving the security posture of federal cloud environments, BOD 25-01 mandates robust configuration, visibility, and control...

Qualys TotalAppSec Delivers AI-powered Unified Application Risk Management for Modern Web Apps and APIs

" If you can’t measure it, you can’t manage it." - This adage rings truer than ever in the world of cybersecurity. Today, the modern attack surface has exploded, fueled by APIs that now drive 83% of all web traffic, powering critical integrations, microservices, and digital experiences. Security...

API Security and The Silent Menace of Unknown APIs

The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...

APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage

Application programming interfaces APIs are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic 71% in 2023 was A...

Take Care of Orphan APIs with Wallarm

The Wallarm API Discovery module has been further enhanced to enable customers to identify Orphan APIs and bring them under management. In this post we’ll discuss what Orphan APIs are, why they matter, and how to regain control of your API portfolio. What Are Orphan APIs? Orphan APIs are endpoint...

Find APIs Hiding in the Shadows

What’s hiding in the shadows? It’s a well understood reality that unmanaged IT assets tend to be unmonitored IT assets, and that both introduce risk. Whether it’s a forgotten about application, or an unmanaged cloud storage volume, you can’t protect what you don’t know about. Attackers thrive on...

Preventing Bot Attacks and Online Fraud on APIs

The rapid proliferation of Application Programming Interfaces APIs is spearheading digital transformation, leading to explosive growth in adoption of APIs in recent years. In fact, it’s hard to think of any software that doesn’t use or is in itself, an API. By supporting swift development and...

Why Attackers Target the Government Industry

Key Takeaways: Government sites are full of information attackers want, so it’s crucial to defend them properly. DDoS is an easy tool for attackers to use to disrupt government sites, which can have far-reaching consequences, as we saw early in the Russia-Ukraine war. Remote code execution RCE...

Why Shadow APIs are More Dangerous than You Think

Shadow APIs are a growing risk for organizations of all sizes as they can mask malicious behavior and induce substantial data loss. For those that aren't familiar with the term, shadow APIs are a type of application programming interface API that isn't officially documented or supported. Contrary...

Why Attackers Target the Healthcare Industry

Key Takeaways: Personal health information PHI is an incredibly valuable category of personal data. When compromised and sold on the dark web, this data can be sold for thousands of dollars. Healthcare is a valuable target to attackers, including the group Killnet, which targeted healthcare sites...

Why Attackers Target the Financial Services Industry

This is Part 1 of a new monthly series from Imperva Threat Research exploring attackers’ motivations to target specific industries. Stay tuned for next months’ exploration of the healthcare industry! Key Takeaways Financial services sites are the most targeted , and it’s important to stay ahead o...

Discovering shadow APIs with a API firewall

Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not...

Discovering Shadow APIs with Wallarm API firewall

Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not...

Imperva to acquire CloudVector: Prioritizing API Protection for Modern Environments

I am excited to announce Imperva has entered into an agreement to acquire CloudVector to advance our mission to protect data and all paths to it. Together, we believe we can change what organizations expect from Web Application and API Protection solutions. There are multiple reasons APIs are at...

Wallarm API Discovery: Discover API endpoints automatically and secure them

What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated for almost a year? What else is exposed and you don’t even know? Are Swagger specs up to date? Teaser: Surely not. A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and...