api-security
Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.
100 articles
What is GraphQL Security
GraphQL's flexibility creates unique risks—excessive data exposure, DoS via nested queries, and broken field-level authorization. Here's how to defend it.
OWASP API Security Top 10 Explained
The 2023 OWASP API Security Top 10 explained with real breaches — T-Mobile, Optus, Peloton — plus what changed since 2019 and how to prioritize fixes.
API Security Misconfiguration
API misconfigurations exposed 37M T-Mobile and 9.8M Optus accounts without a single exploit. Here's why it keeps happening and how to stop it.
Unsafe Consumption of APIs
OWASP's API10:2023 exposes a blind spot: teams sanitize user input but blindly trust API responses from partners, vendors, and internal services.
What is Broken Object Level Authorization (BOLA)
BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.
What is an API Gateway and Its Security Role
An API gateway centralizes auth, routing, and rate limiting for every request — get it wrong and, as T-Mobile and Optus learned, millions of records leak.
What is Rate Limiting
Rate limiting caps requests per client to stop credential stuffing and scraping. Learn how it works, the algorithms, and real breaches it prevents.
What is API Authentication
API authentication verifies who's calling your API before authorization decides what they can do — here's how it works, common methods, and where it fails.
HMAC
HMAC is a cryptographic construct that combines a hash function with a secret key to verify both the integrity and authenticity of a message.
Web Application Security Testing Tools in 2026
A category map of web application security testing tools in 2026, from SAST and DAST to API scanners, and how to pick a stack that matches your architecture.
MCP Server Rate-Limiting Patterns
A practical look at rate-limiting patterns for Model Context Protocol servers, covering per-tool quotas, token budgets, burst control, and abuse-resistant designs.
How to implement OAuth 2.0 securely
A step-by-step guide to implementing OAuth 2.0 securely: PKCE, redirect URI validation, token storage, and the vulnerabilities to avoid.