The Inside Trace

Categories
Date Posted
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

tag

tag

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Many organizations mistakenly believe that Web Application Firewalls (WAFs) or API gateways provide sufficient protection against API attacks. While these tools offer useful traffic management and basic security features, they fall short when it comes to defending against more sophisticated API threats. WAFs are designed for web applications, not the complex logic and workflows of APIs, leaving them vulnerable to business logic and shadow API attacks. Similarly, API gateways, while helpful for managing API traffic and authentication, often miss critical vulnerabilities. Understanding the limitations of WAFs and gateways is the first step in strengthening your API security strategy.
Foundations
API-Security
App Security

October 24, 2024

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Explore how criminals are exploiting selfie verification in Know Your Customer (KYC) processes for neobanks. Learn about the risks, current bypass techniques, and potential solutions for more secure digital identity verification in fintech.
API-Security
Generative AI

October 14, 2024

API Security: The Unseen Risk Threatening Australian Businesses

API Security: The Unseen Risk Threatening Australian Businesses

Explore who owns API security in modern Australian enterprises, key stakeholders involved, and how regulations like APRA and SOCI shape security practices. Learn about evolving responsibilities and emerging challenges in API governance
API-Security
API Security Ownership

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why “Check-the-Box” Solutions Are Insufficient for API Security
Compliance
API-Security

September 27, 2024

Securing Third Party APIs is Critical for Modern Business

Securing Third Party APIs is Critical for Modern Business

Third-party APIs are essential for modern businesses but pose security risks, including data breaches, service disruptions, and regulatory violations. Poorly secured APIs expose organizations to attacks, compliance failures, and reputational damage. Protecting APIs is a business imperative, requiring proactive security measures to safeguard sensitive data and maintain service stability.
Blog
Foundations

September 20, 2024

Service Now RCE - The Three Keys to ServiceNow's Data Vault

Service Now RCE - The Three Keys to ServiceNow's Data Vault

ServiceNow recently patched critical vulnerabilities (CVE-2024-4879, CVE-2024-5178, CVE-2024-5217) that allow remote code execution and sensitive file reads. Exploits involve server-side template injection using Apache Jelly. Traceable has deployed protection mechanisms to safeguard against these threats.
Security Research
Traceable ASPEN

September 3, 2024

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy for Product Security

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy for Product Security

Buzz around generative AI security is at an all-time high, but most security pros are still in “listen and learn” mode when it comes to securing generative AI in their applications. So when is it time to get serious about securing generative AI in your applications, and what steps should you take? This post outlines a Crawl - Walk - Run approach for product and application security pros when it comes to securing generative AI-enabled applications.
Generative AI

September 6, 2024

Announcing Traceable API Inspector

Announcing Traceable API Inspector

Empowering API Security with Deep Inspection
API Inspector
News
API-Security
Blog
Developer

Traceable API Security Platform Updates - June & July 2024

Traceable API Security Platform Updates - June & July 2024

This past month’s releases include major improvements to data classification, UX improvements for API catalog, AST changes, and a new threat activity UI for improved visibility and more efficient analysis.
Releases

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

APIs are essential for modern web applications, but they also introduce significant security challenges. Even large enterprises can fall prey to simple API vulnerabilities, as demonstrated by Traceable's discovery of a critical security flaw in Honeywell’s BEDQ system. This incident underscores the importance of robust API security measures.
Traceable ASPEN
Security Research

August 19, 2024

Organizing API Security Around the NIST Cybersecurity Framework

Organizing API Security Around the NIST Cybersecurity Framework

Explore how the NIST Cybersecurity Framework 2.0 can revolutionize your API security strategy. This guide outlines key functions and activities for securing APIs, including risk identification, protection measures, real-time detection, incident response, and recovery processes. Enhance your organization's API security posture and protect critical data with actionable insights and best practices.
API-Security
API Security Ownership

August 2, 2024

Navigating the Road to Automotive Security

Navigating the Road to Automotive Security

In today's connected world, automobiles are complex systems driven by APIs, but this brings risks; Traceable ASPEN's latest research highlights urgent automotive security needs by analyzing recent vulnerabilities, including real-time vehicle tracking and data breaches.
API-Security
Security Research
Traceable ASPEN

July 23, 2024

Who Owns API Security? Introducing the Key Players

Who Owns API Security? Introducing the Key Players

In modern application development, APIs (Application Programming Interfaces) are pivotal for connectivity and functionality. However, with their rising usage, API security risks also escalate. Ensuring API security isn't the duty of a single individual or team; it necessitates collaboration among multiple stakeholders. From CISOs to heads of enterprise architecture and product security, this blog delves into the key players and their roles in crafting a robust API security program.
API Security Ownership

July 18, 2024

The Regulators Are Coming for Your Washing Machine App

The Regulators Are Coming for Your Washing Machine App

The Product Security and Telecommunications Infrastructure (PSTI) Act 2022 and the Security Requirements for Relevant Connectable Products Regulations 2023 are setting new standards for IoT device security in the UK. These regulations mandate manufacturers to secure hardware, software, and APIs against breaches, prohibit default passwords, ensure secure storage of API keys, and implement vulnerability management processes. Learn how these laws impact IoT manufacturers and the steps needed for compliance.
Breach Analysis
Security Research

July 30, 2024

December Software Release

December Software Release

December was an extremely busy month for Traceable as we worked with customers to protect their environments from the Log4Shell vulnerability.
Releases

February 15, 2022

Traceable API Security Platform Updates - May 2024

Traceable API Security Platform Updates - May 2024

Traceable, a leading API security platform, has released major updates in May 2024, including new compliance policies and issues dashboard, fine-grained filters for targeted API security testing, and enhancements to credential stuffing and volumetric attack detection. These updates empower organizations to maintain API compliance, conduct targeted security testing, and combat advanced API threats effectively.
Releases

June 20, 2024

API Security Masterclass Recap: Where Are All the APIs, Anyway?

API Security Masterclass Recap: Where Are All the APIs, Anyway?

Missed our API Security Masterclass covering the wild world of APIs? No worries! We'll recap the key takeaways on API types, security challenges, API sprawl, and the importance of API reconnaissance. Learn why developers love APIs, how to identify common API vulnerabilities, and start mapping your API attack surface for better protection.
API-Security

February 29, 2024

How to Implement Zero Trust Security in your Applications: A Tutorial

How to Implement Zero Trust Security in your Applications: A Tutorial

Zero trust security is the best answer to modern security threats. Learn how to adopt a zero trust security model in your applications and how Traceable AI can help.
API-Security

July 1, 2022

eBPF and API Security with Traceable

eBPF and API Security with Traceable

eBPF promises to radically advance what our infrastructure, application, and security tools will be able to do. Here’s some background on what eBPF is, how it works, and why Traceable is the leading API Security solution working with eBPF.
API-Security
Technology

July 15, 2022

How to Create Your First Next.js Serverless App

How to Create Your First Next.js Serverless App

This post will walk you through how to create a next js serverless app from scratch. You'll learn how to combine and use Next.js and MongoDB.
API-Security

June 23, 2022

API Breaches: What Should I Know and How Can I Prevent Them?

API Breaches: What Should I Know and How Can I Prevent Them?

It's difficult to implement all the best practices for every possible attack vector, especially since new vulnerabilities are always being discovered. That doesn't mean you shouldn't try.
API-Security

June 30, 2022

GraphQL Fragments: How to Simplify Your API Definitions

GraphQL Fragments: How to Simplify Your API Definitions

What are GraphQL Fragments? How can you take advantage if them to write cleaner code and more efficient applications? Find out here.
API-Security

May 11, 2022

How to Think About and Test API Latency

How to Think About and Test API Latency

In this post, we'll look at API latency including how you measure it, the difference between API response time and API latency, and more.
API-Security

April 15, 2022

Deploying Serverless Applications: The What and How

Deploying Serverless Applications: The What and How

In this article, we'll discuss the benefits of serverless architectures and go through some of the best practices for deploying serverless applications.
No items found.

April 15, 2022

How to Secure Microservices: The 6 Things You Can't Forget

How to Secure Microservices: The 6 Things You Can't Forget

Thinking about how to secure microservices? In this article you'll find 6 things you can't forget when it comes to microservices security.
API-Security

April 1, 2022

March | Traceable AI Feature Release

March | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, local hosting for EU/Asia and support for agentless deployments.
Releases

April 6, 2022

Monolithic vs. Microservices Architecture: Which Should I Use?

Monolithic vs. Microservices Architecture: Which Should I Use?

In this post we learn about monolithic vs microservices architectures and understand which to use and when.
No items found.

March 25, 2022

Serverless vs Containers: What's Right for Your Application?

Serverless vs Containers: What's Right for Your Application?

Serverless vs containers: Which one is right for your application? Learn more about these two main approaches to deploying applications.
API-Security

March 29, 2022

What is a CRUD API?

What is a CRUD API?

This post explains what a CRUD API is and how to apply it to different use cases to protect and interact with data in very specific ways.
API-Security

March 28, 2022

How to Mitigate DDoS Attacks on Your APIs

How to Mitigate DDoS Attacks on Your APIs

Learn what DDoS is and what it can do to your API endpoints, how to mitigate DDOS attacks, and build a security response.
API-Security

March 20, 2022

How to Filter Using GraphQL: A Simple Tutorial

How to Filter Using GraphQL: A Simple Tutorial

GraphQL offers a much more efficient, powerful alternative to REST
No items found.

March 18, 2022

5 Best Threat Hunting Tools for Your Security Team

5 Best Threat Hunting Tools for Your Security Team

We now have advanced tools that can make threat hunting easier and more accessible. In this post, learn about 5 threat hunting tools for API security.
API-Security

March 21, 2022

What Is Business Logic? The Inquisitive Reader's Guide

What Is Business Logic? The Inquisitive Reader's Guide

When you build application software and APIs, you'll often hear about "business logic." In this post you'll learn everything about it.
API Sprawl

March 16, 2022

A Beginner's Guide to API Governance

A Beginner's Guide to API Governance

API governance involves sticking to a set of principles when building an API. It's crucial since apps, organizations, and data sources will use the API.
API-Security

March 7, 2022

February | Traceable AI Feature Release

February | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, new support for AWS Lambda serverless architecture and new privacy features for managing sensitive data.
Releases

March 18, 2022

How Can I Achieve API Compliance?

How Can I Achieve API Compliance?

The world of API compliance is more important than ever today. In this post, dig deeper into API compliance and its importance.
API-Security

March 14, 2022

What is Network Traffic Analysis?

What is Network Traffic Analysis?

Learn about Network Traffic Analysis, its importance and different strengths and weaknesses.
API-Security

March 15, 2022

4 API Security Best Practices

4 API Security Best Practices

API security is a fundamental part of web applications. It is a great tool to help protect your apps, your business, and your users.
API-Security

March 13, 2022

How to Design Delightful API Architectures

How to Design Delightful API Architectures

delightful-api-architectures
API-Security

March 8, 2022

Sensitive Data Exposure: Why It Hurts

Sensitive Data Exposure: Why It Hurts

It’s very important that we think about how not to expose sensitive data, and that’s what this article is about: Sensitive Data Exposure.
API-Security

March 7, 2022

3 API Vulnerabilities to Look Out For

3 API Vulnerabilities to Look Out For

Every week, new API vulnerabilities are open to attackers. API security is essential, especially for those who depend on them.
API-Security

March 2, 2022

What Is API Ownership and How Can It Help Your Team?

What Is API Ownership and How Can It Help Your Team?

A guide about API ownership for leadership, senior engineers, security experts, and product managers to make/work better together.
API-Security

March 6, 2022

Microservice Security Principles and Best Practices

Microservice Security Principles and Best Practices

In this post, you'll learn about the most important microservices security principles and some best practices.
API-Security

March 2, 2022

Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough

Web API Security: Rule-Based and Signature-Based Only Security Isn’t Good Enough

Attackers have learned to defeat traditional ‘moat around the castle’ perimeter defenses. Modern application security tools offer the answer: distributed tracing and AI that understands the app they protect.
API-Security
App Security

May 12, 2021

Traceable Defense AI M8 Released

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions, improved UX around threat hunting, ability to isolate per environment
Releases

April 11, 2021

AWS WAF and CloudFront: How to Use Them Together

AWS WAF and CloudFront: How to Use Them Together

Security is really important. There is nothing like the gut-wrenching feeling of exposing users' data. However, security isn't the most exciting part of web development and is often ignored. Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users.In this post, I'll provide some information about AWS CloudFront, AWS WAF, and SQL injection.
API-Security
Cloud Native
Developer
Technology

September 16, 2021

The Latest API Security Trends in the Financial Sector: A CISO's Perspective

The Latest API Security Trends in the Financial Sector: A CISO's Perspective

In this blog post, former CISO and security executive Richard Bird shares his insights on the latest API security trends in the financial sector. Drawing from Traceable's groundbreaking report, "The State of API Security in Financial Services," Bird highlights the alarming findings and the critical need for financial institutions to prioritize API security.
State of API Security

June 12, 2024

Critical PHP CGI Argument Injection Vulnerability (CVE-2024-4577) Leads to Remote Code Execution

Critical PHP CGI Argument Injection Vulnerability (CVE-2024-4577) Leads to Remote Code Execution

Researchers have identified a critical remote code execution vulnerability in PHP, known as CVE-2024-4577. This flaw, affecting PHP installations on Windows, exploits a Unicode processing oversight, allowing attackers to inject arbitrary command-line arguments. With a CVSS score of 9.8, it poses a severe threat to server security. Read on to understand the vulnerability, its impact, and essential protective measures.
Traceable ASPEN

June 12, 2024

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Enhance your threat detection capabilities with Traceable and Wiz's powerful integration. By uniting API and cloud security contexts, this partnership provides unparalleled threat correlation, prioritization, and incident response for cloud-native applications. Discover how eBPF technology and comprehensive data analysis secure your applications from code to cloud.
Cloud Native
Releases

June 6, 2024

Lessons in Securing Mobility Site Management APIs

Lessons in Securing Mobility Site Management APIs

Mobile device management systems (MDMs) are a staple in any large enterprise IT toolkit. When your organization has a large number of employees, it’s important to keep a catalog of all devices that have access to the corporate network.
Security Research
Traceable ASPEN

May 16, 2024

Traceable Co-founder Reveals Key Drivers Behind the Company's Rapid Growth

Traceable Co-founder Reveals Key Drivers Behind the Company's Rapid Growth

In a recent interview with the NYSE at the RSA Conference 2024, Traceable co-founder and CTO Sanjay Nagaraj provided a deep dive into the factors fueling the company's remarkable success since its launch in 2018.
Company
Generative AI
News

June 11, 2024

The State of API Security at RSA 2024: Alarming Trends and Insights

The State of API Security at RSA 2024: Alarming Trends and Insights

The RSA Conference 2024 survey of over 125 cybersecurity professionals uncovers the current state of API security, highlighting the challenges organizations face in securing their API ecosystems. The findings emphasize the need for a holistic approach to API security, focusing on collaboration, governance, and proactive measures. As digital transformation accelerates, prioritizing API security is crucial for building resilient systems and driving innovation.
State of API Security

June 3, 2024

Traceable API Security Platform Updates - April 2024

Traceable API Security Platform Updates - April 2024

Get the latest on Traceable's platform updates for April 2024, focusing on advancements in API security. Learn about Generative AI API Security, addressing emerging risks in AI-driven apps. Discover how DAST for GraphQL APIs boosts vulnerability scanning and simplifies workflows with JIRA Data Center Integration. Benefit from enhanced vulnerability resolution and extended data retention for proactive system protection.
Releases

May 10, 2024

Airing Dirty Laundry: How API Flaws Allowed Students to do their Laundry for Free

Airing Dirty Laundry: How API Flaws Allowed Students to do their Laundry for Free

Many consumers are big fans of smart appliances and toys for their ease of use and integration into their smart home setups. However, whenever you can remotely access your smart device, there is always a chance that someone else can too if the manufacturer has not implemented proper security measures. One such incident has caused a wave of media coverage recently - a connected/smart laundry system created by CSC ServiceWorks could be tricked into giving free laundry cycles.
Breach Analysis
Security Research
Traceable ASPEN

May 30, 2024

The Confluence Of Fraud Prevention and AppSec Through API Security

The Confluence Of Fraud Prevention and AppSec Through API Security

APIs have become the primary way applications exchange data, making them a prime target for fraudsters. However, the same APIs can also be used to detect and prevent fraud. Learn how API security platforms can help businesses consolidate their bot and fraud mitigation efforts to protect their applications and sensitive data.
Fraud

May 22, 2024

API Security Masterclass Recap: Your Guide to the OWASP API Top 10

API Security Masterclass Recap: Your Guide to the OWASP API Top 10

Missed the live API security masterclass webinar? Don't worry! Our blog recap covers the OWASP API Top 10 and offers essential API security best practices. Discover the most critical API vulnerabilities, expert strategies for finding and addressing them, and learn the vital principles for protecting your valuable APIs.
Foundations

April 30, 2024

Critical Flaw Exposed: Understanding CVE-2024-3400 in PAN-OS GlobalProtect

Critical Flaw Exposed: Understanding CVE-2024-3400 in PAN-OS GlobalProtect

CVE-2024-3400 targets Palo Alto GlobalProtect, allowing attackers to write arbitrary files and execute system commands. Upgrade PAN-OS immediately and learn best practices for preventing future exploits.
Breach Analysis
Security Research
Traceable ASPEN

April 23, 2024

API Security: What Every Developer Needs to Know

API Security: What Every Developer Needs to Know

APIs are the backbone of modern apps. Learn crucial API security principles to defend against OWASP Top 10 vulnerabilities, implement robust authentication, and ensure data protection.
API-Security
Developer
Foundations

April 19, 2024

API Summit 2024: Security Challenges, AI, and What's Next

API Summit 2024: Security Challenges, AI, and What's Next

API security isn't always top of mind. Here's what I learned about the challenges and the latest trends from the API Summit.
API-Security
Developer
News

March 28, 2024

To Secure Generative AI Applications, Start with Your APIs

To Secure Generative AI Applications, Start with Your APIs

The rise of generative AI brings new security challenges. Learn how API security can mitigate risks like prompt injection, sensitive data disclosure, and insecure output handling in your LLM-powered applications.
Generative AI
LLM

March 27, 2024

Traceable API Security Platform Updates - March 2024

Traceable API Security Platform Updates - March 2024

Traceable's March 2024 release delivers major API security upgrades. Dig deeper into security events with enhanced analytics, block new attack vectors like GraphQL introspection and SSTI, and seamlessly integrate with F5 ASM WAF for extended protection.
Releases

April 10, 2024

Context-Aware Security as the Key Driver for Enhancing API Security in 2024

Context-Aware Security as the Key Driver for Enhancing API Security in 2024

APIs are evolving, and so is API security. Context-aware security analyzes user behavior, data sensitivity, and environmental factors for real-time threat responses. Discover why it's the future of API protection in this comprehensive blog post.
API-Security
Generative AI

March 17, 2024

Data Poisoning: How API Vulnerabilities Compromise LLM Data Integrity

Data Poisoning: How API Vulnerabilities Compromise LLM Data Integrity

Data poisoning is a growing threat to LLMs. Learn how attackers exploit API weaknesses to corrupt AI data. This blog covers types of attacks, their impact, and essential API security measures to protect the integrity of your AI models.
API-Security
Generative AI

March 16, 2024

Traceable API Security Platform Updates - February 2024

Traceable API Security Platform Updates - February 2024

Releases

March 7, 2024

Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here

Webinar Recap: API Security Predictions 2024: The Critical Crossroads is Here

APIs are the backbone of digital innovation, but they're under attack. Learn the shocking API breach statistics from Traceable's 2023 report and the key trends experts predict will reshape API security in 2024.
API-Security
State of API Security

March 16, 2024

Navigating the Maze: Understanding API Sprawl and Its Implications

Navigating the Maze: Understanding API Sprawl and Its Implications

API sprawl hinders the efficiency and security of modern digital ecosystems. Explore the causes of sprawl, its potential consequences, and how to proactively manage your API environment for improved security and operational success.
API Sprawl
Blog

March 25, 2024

Weekly Cybersecurity Roundup: Week of March 15, 2024

Weekly Cybersecurity Roundup: Week of March 15, 2024

This week's cybersecurity news reveals API vulnerabilities in healthcare AI, massive credential leaks, and the importance of data breach verification. Read our roundup to learn more.
News

March 17, 2024

Traceable ASPEN: Leading the Charge in API Security Research

Traceable ASPEN: Leading the Charge in API Security Research

Traceable launches Traceable ASPEN, a specialized research team dedicated to revolutionizing API security. Discover how Traceable ASPEN is tackling API sprawl, vulnerability discovery, and threat intelligence. Meet our expert team of security professionals, including OWASP project leaders and industry researchers. Stay ahead of the API security curve with Traceable ASPEN's groundbreaking research and insights.
Traceable ASPEN

February 29, 2024

PCI-DSS 4.0 Simplified with Traceable

PCI-DSS 4.0 Simplified with Traceable

Explore simplified PCI-DSS 4.0 compliance strategies designed to enhance data protection. Elevate security measures effortlessly with expert guidance, ensuring seamless adherence to industry standards.
API-Security
PCI DSS Compliance

February 14, 2024

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems

Critical SSO Vulnerability Exposed in Fortune 500 Application. Researchers discovered a flaw in Single Sign-On implementation that could have compromised millions of user records. Learn about SSO security risks, essential fixes, and how to protect your APIs from similar attacks.
Security Research
Traceable ASPEN

March 5, 2024

Don't Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs

Don't Let Your APIs Get Ghosted: How to Tackle API Sprawl and Unknown APIs

Explore the complexities of API sprawl and its impact on organizational security in this insightful blog post. Discover how unknown APIs—Shadow, Zombie, and Ghost APIs—contribute to API sprawl and learn strategies for mitigating their risks.
API-Security

February 14, 2024

Traceable API Security Platform Updates - January 2024

Traceable API Security Platform Updates - January 2024

Discover Traceable's latest product updates, designed to elevate your API security testing program. With new features like API Security Testing Suites, enhanced analytics for deeper investigation, and integrations with leading security tools, Traceable empowers you to stay ahead of evolving threats and protect your APIs with confidence.
Company
Releases

February 7, 2024

Unlocking the Power of eBPF at Traceable

Unlocking the Power of eBPF at Traceable

Discover how eBPF's kernel-level operation enables efficient data collection and analysis, making it an essential tool for modern network and security professionals. Perfect for tech enthusiasts and professionals, this blog demystifies eBPF and highlights its critical role in enhancing API traffic monitoring and security.
API-Security

January 11, 2024

Open APIs Explained: Their Impact on Business and Technology

Open APIs Explained: Their Impact on Business and Technology

Explore 'Open APIs Explained: Their Impact on Business and Technology' to understand how Open APIs drive innovation and impact tech and business. Learn about their benefits, practical applications, and essential security measures for effective and safe API integration.
API-Security
State of API Security

January 27, 2024

The Wake-Up Call: Navigating the Aftermath of the "Mother of All Breaches"

The Wake-Up Call: Navigating the Aftermath of the "Mother of All Breaches"

As we observe Data Privacy Week, a time dedicated to highlighting the critical importance of data protection, the cybersecurity world is confronted with a monumental event: the “Mother of All Breaches,” a massive data breach compromising 26 billion records.
API-Security
Breach Analysis

January 26, 2024

The Biggest Data Breaches Aren’t Even Breaches Anymore: The Rise of the Scraped Data Breach

The Biggest Data Breaches Aren’t Even Breaches Anymore: The Rise of the Scraped Data Breach

Discover the shift from traditional data breaches to the rise of scraped data breaches in our latest blog. Understand the nuances of data scraping, its challenges, and the sophisticated tactics used by attackers. Learn about the importance of early detection, proactive measures, and GDPR implications.
Breach Analysis

January 24, 2024

Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud

Delve into 'Holiday Hacks: Unraveling API Exploits Fueling Digital Fraud' to master ecommerce API security this holiday season. Discover practical tips for detecting and preventing common API vulnerabilities that lead to digital fraud, using tools like OWASP Juice Shop and Burp Suite. This blog guides you through safeguarding your online platform against sophisticated cyber threats during the busiest shopping period.
Breach Analysis
Foundations

December 13, 2023

Traceable API Security Platform Updates - November 2023

Traceable API Security Platform Updates - November 2023

In November we focused on making the use and sharing of analytics queries easier and more powerful, providing more details for each detected threat to help with more timely fixes, increasing our blocking capabilities with WAF integrations and third-party transactions, and adding to our out-of-band data collection flexibility. Here are some details on these exciting additions that happened in November 2023.
Releases

December 7, 2023

2023 API Security Trends Revealed: Insights, Risks, and Strategies

2023 API Security Trends Revealed: Insights, Risks, and Strategies

Dive into the essentials of API security with our analysis based on Traceable's State of API Security Report 2023. Gain insights from over 1700 cybersecurity experts on API vulnerabilities, data breaches, and cloud security challenges. Learn about effective API risk management and the importance of security testing in today's digital ecosystems. Ideal for IT professionals and business leaders, this article is a concise guide to understanding and enhancing API security in the digital transformation era.
State of API Security

December 7, 2023

Apache Struts Strikes Again! From Path Traversal to Remote Code Execution

Apache Struts Strikes Again! From Path Traversal to Remote Code Execution

Discover the critical insights into the latest Apache Struts vulnerability, CVE-2023-50164, in our comprehensive blog by Soujanya Namburi. Uncover the details of this high-severity security flaw, which marks the most significant concern for Apache Struts since the notorious 2017 Equifax breach.
Security Research

January 10, 2024

Agentless API Security in Google Cloud

Agentless API Security in Google Cloud

We are very excited to announce Traceable’s latest integration with Google Cloud application load balancers to provide agentless API security in Google Cloud. At Google Cloud Next ’23, Traceable  partnered with the Service Extensions team and now with the release of service extension’s public preview, Traceable customers can seamlessly integrate with Google Cloud’s application load balancers to secure all API traffic passing through them.
API-Security
Cloud Native

November 18, 2023

Dizzy Keys: Why API Key Rotation Matters

Dizzy Keys: Why API Key Rotation Matters

Dive into the essentials of API key security with our in-depth guide. Understand the significance of API key management through real-world examples. Discover the importance of regular rotation and secure handling of API keys to prevent unauthorized access and protect digital ecosystems. This article is a must-read for cybersecurity professionals and anyone interested in safeguarding their online interactions against potential threats.
API-Security
Foundations

December 5, 2023

Securing the Checkout: API Security Strategies for E-Commerce Platforms

Securing the Checkout: API Security Strategies for E-Commerce Platforms

Discover essential strategies for ecommerce security in our guide, focusing on common vulnerabilities and their solutions. Learn about technical and business logic issues, brute force attacks, and race conditions, and how to tackle them effectively. Gain insights into the benefits of all-in-one security platforms, with a spotlight on Traceable, an API security platform ideal for ecommerce. This article is a must-read for business owners and security professionals looking to fortify their online retail platforms against digital threats.
API-Security
Foundations

November 21, 2023

Traceable API Security Platform Updates - October 2023

Traceable API Security Platform Updates - October 2023

In October the Traceable team was busy releasing a monster set of great additions and enhancements. From industry-first deep visibility into encrypted gRPC calls, to tracking and getting notifications on almost any important system event, to new ways to search and filter, and even save and share your query results, to optimization of how external control points are used. There is a treat for everyone in October’s releases. Here are some details on these exciting additions that happened in October 2023.
Releases

November 8, 2023

The US Open Banking Rule: A New Era of Financial Data Sharing and the Role of Open APIs

The US Open Banking Rule: A New Era of Financial Data Sharing and the Role of Open APIs

Explore the transformative power of open banking in the U.S. and its potential to reshape the global financial landscape. Dive deep into the U.S. Open Banking Rule, the CFPB's draft rule, and the pivotal role of open APIs. Understand the benefits, challenges, and future implications of this financial revolution.
API-Security
News

October 23, 2023

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Decoding and Defending Against Broken Object Level Authorization (BOLA)

Broken Object Level Authorization (BOLA) remains a critical vulnerability in API security, highlighted in the OWASP API Top 10. BOLA occurs when users access or manipulate resources beyond their permissions. This article delves into how BOLA manifests in APIs, its impact, and effective strategies for mitigation, emphasizing the need for comprehensive access control and vigilant application security programs.
Foundations

November 14, 2023

Traceable API Security Platform Updates - September 2023

Traceable API Security Platform Updates - September 2023

In September the Traceable AI team focused on making API testing easier to set up for those who can’t use auto-configuration, added new threat analysis primitives that help streamline discoveries while threat hunting, and improved the user experience around table-supported explorations. Here are some details on these exciting additions that happened in September 2023.
Releases

October 4, 2023

How Traceable Aligns to Forrester's Eight Components of API Security

How Traceable Aligns to Forrester's Eight Components of API Security

Explore how Traceable aligns with Forrester's comprehensive report on the eight essential components of API security. In an era where APIs drive innovation and business growth, their security becomes paramount. Dive deep into the challenges of API security, from the rise of malicious bots to the limitations of traditional tools. Discover how Traceable's platform addresses each of Forrester's recommendations, offering solutions from API governance to securing third-party APIs. Stay ahead in the digital transformation journey with insights on robust API protection strategies.
API-Security

October 18, 2023

President Biden's Executive Order on Artificial Intelligence: A Cybersecurity Perspective

President Biden's Executive Order on Artificial Intelligence: A Cybersecurity Perspective

Explore the pivotal role of APIs in the execution of President Biden's Executive Order on AI, which aims to position the United States at the forefront of artificial intelligence innovation. Understand how APIs enhance AI interoperability, scalability, and accessibility, ensuring secure and efficient deployment across various sectors. Dive into the nuances of the Order's strategy for a trustworthy AI ecosystem that aligns with American values and interests.
API-Security
Generative AI
News

October 30, 2023

Another Milestone! Traceable Wins the 2023 Cybersecurity Breakthrough Award

Another Milestone! Traceable Wins the 2023 Cybersecurity Breakthrough Award

Explore Traceable's award-winning approach to API security, celebrated by the 2023 CyberSecurity Breakthrough Award. Understand the pivotal role and vulnerabilities of APIs in cybersecurity, and discover how Traceable’s innovative Zero Trust API Access (ZTAA) provides unparalleled, future-proof protection for organizations in the intricate digital landscape.
API-Security
Company
News

October 13, 2023

Why I Joined Traceable

Why I Joined Traceable

I’m pleased to announce that I have officially joined the Traceable AI team! If you follow me this news probably doesn’t come as a surprise, I’ve worked with the Traceable team for a few years externally on webinars, blog posts and videos. So, I’m really pleased to be joining the team as an API security content creator!
Blog

October 25, 2023

Traceable API Security Platform Updates - August 2023

Traceable API Security Platform Updates - August 2023

The Traceable AI team showed once again how radically customer-focused we are with a release chock full of customer-requested and customer-inspired enhancements. Here are some of the exciting additions that happened in August 2023.
Releases

September 8, 2023

My Journey With Traceable Begins

My Journey With Traceable Begins

The emergence of cloud-native infrastructures, microservices-based application design, API-driven architectures, and generative AI are creating a tidal wave of change. After closely monitoring these tectonic shifts, I am confident that now is the time for cybersecurity to operate at an entirely new level of effectiveness. It is crucial to transition to a company that understands this vision.
Company
News

October 6, 2023

Report Recap: A Glimpse into NTT's 2023 Global Threat Intelligence Report

Report Recap: A Glimpse into NTT's 2023 Global Threat Intelligence Report

Explore crucial findings from the NTT Global Threat Intelligence Report 2023, highlighting pivotal cybersecurity insights, strategies, and impacts. Navigate through the complex digital threat landscape, understanding key sectors under attack and safeguarding strategies against persistent cyber threats.
News

October 10, 2023

Navigating the Nebulous: State of API Security Reveals Recommendations for Secure API Ecosystems

Navigating the Nebulous: State of API Security Reveals Recommendations for Secure API Ecosystems

Despite their pivotal role in our digital ecosystems, our recent State of API Security report revealed startling findings about the unknown risks associated with APIs and the gaps in organizational preparedness.
State of API Security

September 17, 2023

Traceable Named a Winner of the Prestigious SINET16 Innovator Award

Traceable Named a Winner of the Prestigious SINET16 Innovator Award

We are thrilled to share that Traceable has been recognized as one of the top innovators in the cybersecurity industry by SINET, securing a spot in the esteemed SINET16 Innovator Award. This accolade is not just a testament to our commitment to excellence but also a reflection of our relentless pursuit of innovation in the cybersecurity domain.
Company
News

September 8, 2023

Manage your external attack surface with new Traceable Sonar

Manage your external attack surface with new Traceable Sonar

Traceable Sonar efficiently identifies and catalogs these assets, granting security teams a panoramic view of their external attack surface. But it doesn't stop at discovery. Sonar delves deep into these assets, pinpointing vulnerabilities an attacker might exploit. By mirroring the probing techniques attackers use, Traceable Sonar equips organizations with critical insights into potential security loopholes.
API-Security
Releases

August 25, 2023

Traceable API Security Platform Updates - July 2023

Traceable API Security Platform Updates - July 2023

The Traceable AI team has been busy adding new capabilities and enhancing existing ones to better meet your API Security needs. Here is a sampling of some of the additions in July 2023.
Releases

August 17, 2023

Unveiling the 2023 State of API Security: A Panoramic Industry View

Unveiling the 2023 State of API Security: A Panoramic Industry View

The 2023 State of API Security: A Global Study on the Reality of API Risk: This report is a labor of profound research and hard work, delving into intricate matters such as API-related data breaches, the growing concern of API sprawl, API ownership, and the risks of fraud and abuse, as well as the growing role of Zero Trust in API Security initiatives.
Company
Foundations
News

September 8, 2023

No Results Found

Compliance
API Inspector
API Security Ownership
Blog
Technology
PCI DSS Compliance
Observability
LLM
Foundations
Developer
API Sprawl
Fraud
Security Research
Breach Analysis
News
Generative AI
Company
Traceable ASPEN
State of API Security
Releases
App Security
API-Security
Cloud Native

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

Explore how criminals are exploiting selfie verification in Know Your Customer (KYC) processes for neobanks. Learn about the risks, current bypass techniques, and potential solutions for more secure digital identity verification in fintech.

October 14, 2024

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Many organizations mistakenly believe that Web Application Firewalls (WAFs) or API gateways provide sufficient protection against API attacks. While these tools offer useful traffic management and basic security features, they fall short when it comes to defending against more sophisticated API threats. WAFs are designed for web applications, not the complex logic and workflows of APIs, leaving them vulnerable to business logic and shadow API attacks. Similarly, API gateways, while helpful for managing API traffic and authentication, often miss critical vulnerabilities. Understanding the limitations of WAFs and gateways is the first step in strengthening your API security strategy.

October 24, 2024

Navigating the Road to Automotive Security

In today's connected world, automobiles are complex systems driven by APIs, but this brings risks; Traceable ASPEN's latest research highlights urgent automotive security needs by analyzing recent vulnerabilities, including real-time vehicle tracking and data breaches.

July 23, 2024

Securing Third Party APIs is Critical for Modern Business

Third-party APIs are essential for modern businesses but pose security risks, including data breaches, service disruptions, and regulatory violations. Poorly secured APIs expose organizations to attacks, compliance failures, and reputational damage. Protecting APIs is a business imperative, requiring proactive security measures to safeguard sensitive data and maintain service stability.

September 20, 2024

Recent Posts

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

October 24, 2024

Let’s Face It - Criminals are bypassing selfie verification in Know Your Customer processes

October 14, 2024

API Security: The Unseen Risk Threatening Australian Businesses

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

September 27, 2024

Securing Third Party APIs is Critical for Modern Business

September 20, 2024

Securing Generative AI-Enabled Applications: Crawl - Walk - Run Strategy for Product Security

September 6, 2024

API Security

View All Blogs
arrow

Help, I'm Being Attacked: Why WAFs & Gateways Won't Stop the Next API Attack

Many organizations mistakenly believe that Web Application Firewalls (WAFs) or API gateways provide sufficient protection against API attacks. While these tools offer useful traffic management and basic security features, they fall short when it comes to defending against more sophisticated API threats. WAFs are designed for web applications, not the complex logic and workflows of APIs, leaving them vulnerable to business logic and shadow API attacks. Similarly, API gateways, while helpful for managing API traffic and authentication, often miss critical vulnerabilities. Understanding the limitations of WAFs and gateways is the first step in strengthening your API security strategy.

October 24, 2024

API Security: The Unseen Risk Threatening Australian Businesses

Explore who owns API security in modern Australian enterprises, key stakeholders involved, and how regulations like APRA and SOCI shape security practices. Learn about evolving responsibilities and emerging challenges in API governance

October 8, 2024

Why "Check-the-Box” Solutions Are Insufficient for API Security

Why “Check-the-Box” Solutions Are Insufficient for API Security

September 27, 2024

Organizing API Security Around the NIST Cybersecurity Framework

Explore how the NIST Cybersecurity Framework 2.0 can revolutionize your API security strategy. This guide outlines key functions and activities for securing APIs, including risk identification, protection measures, real-time detection, incident response, and recovery processes. Enhance your organization's API security posture and protect critical data with actionable insights and best practices.

August 2, 2024

Traceable ASPEN

View All Blogs
arrow

Service Now RCE - The Three Keys to ServiceNow's Data Vault

ServiceNow recently patched critical vulnerabilities (CVE-2024-4879, CVE-2024-5178, CVE-2024-5217) that allow remote code execution and sensitive file reads. Exploits involve server-side template injection using Apache Jelly. Traceable has deployed protection mechanisms to safeguard against these threats.

September 3, 2024

Service Now RCE - The Three Keys to ServiceNow's Data Vault

ServiceNow recently patched critical vulnerabilities (CVE-2024-4879, CVE-2024-5178, CVE-2024-5217) that allow remote code execution and sensitive file reads. Exploits involve server-side template injection using Apache Jelly. Traceable has deployed protection mechanisms to safeguard against these threats.

September 3, 2024

How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System

APIs are essential for modern web applications, but they also introduce significant security challenges. Even large enterprises can fall prey to simple API vulnerabilities, as demonstrated by Traceable's discovery of a critical security flaw in Honeywell’s BEDQ system. This incident underscores the importance of robust API security measures.

August 19, 2024

Navigating the Road to Automotive Security

In today's connected world, automobiles are complex systems driven by APIs, but this brings risks; Traceable ASPEN's latest research highlights urgent automotive security needs by analyzing recent vulnerabilities, including real-time vehicle tracking and data breaches.

July 23, 2024

Product Updates

View All Blogs
arrow

Traceable API Security Platform Updates - June & July 2024

This past month’s releases include major improvements to data classification, UX improvements for API catalog, AST changes, and a new threat activity UI for improved visibility and more efficient analysis.

December Software Release

December was an extremely busy month for Traceable as we worked with customers to protect their environments from the Log4Shell vulnerability.

February 15, 2022

Traceable API Security Platform Updates - May 2024

Traceable, a leading API security platform, has released major updates in May 2024, including new compliance policies and issues dashboard, fine-grained filters for targeted API security testing, and enhancements to credential stuffing and volumetric attack detection. These updates empower organizations to maintain API compliance, conduct targeted security testing, and combat advanced API threats effectively.

June 20, 2024

March | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, local hosting for EU/Asia and support for agentless deployments.

April 6, 2022

February | Traceable AI Feature Release

Stay current with new developments from Traceable AI; including, new support for AWS Lambda serverless architecture and new privacy features for managing sensitive data.

March 18, 2022

Traceable Defense AI M8 Released

Easier deployment process, extended agent support, extended API Intelligence, easier to find problems, protection additions, improved UX around threat hunting, ability to isolate per environment

April 11, 2021

The Inside Trace

Subscribe for expert insights on application security.

Thanks! Your subscription has been recorded.

or subscribe to our RSS Feed

WHY TRACEABLE
Why TraceableOur CustomersOur PartnersAbout TraceableIn the NewsRequest DemoCompare Traceable
PLATFORM
API DiscoveryAttack ProtectionAttack DetectionFraud and Bot SecurityAPI Testing
USE CASES
API DiscoveryShift Left SecuritySensitive Data ExfiltrationAccount TakeoverBot MitigationIncident ResponseData Privacy and Compliance
RESOURCES
OverviewRelated API Resources BlogWebinarsCustomer Peer ReviewsCase StudiesWhite PaperDatasheetsDocumentationCustomer Success & Support
COMPANY
Sign In CareersPressPress KitASPEN LabsCustomer SupportSecurity and ComplianceLegalPrivacy Policy

© 2024 Traceable Inc.

548 Market Street PMB 83903, San Francisco, CA 94104-5401