Safeguard
Tag

api-security

Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.

100 articles

Application Security

How to set up API rate limiting

A practical, step-by-step guide to setting up API rate limiting — gateway and app-layer configs, algorithm choices, per-endpoint tuning, and how to verify it actually blocks abuse.

Feb 10, 20267 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
AppSec

Missing Rate Limiting: The OWASP API Security Risk Explained

A no rate limiting vulnerability sits quietly in most APIs until it enables brute force, credential stuffing, or resource exhaustion; here is how to spot it and fix it before it does.

Jan 22, 20265 min read
Industry Analysis

Third-party risk assessment for insurtech SaaS platforms

A practical playbook for running an insurtech third-party risk assessment across vendors, APIs, and integrations before they touch policyholder data.

Dec 31, 20258 min read
Vulnerability Analysis

Insecure direct object reference (IDOR) explained

IDOR lets attackers access other users' data by editing an ID in a request. See how it broke USPS, Panera, and First American — and how to actually fix it.

Dec 9, 20256 min read
Vulnerability Analysis

Broken access control explained

Broken access control has topped OWASP's Top 10 since 2021. See real breaches, common patterns like IDOR, and how to detect and fix them.

Dec 9, 20257 min read
AI Security

How model extraction attacks steal proprietary AI model b...

Model extraction attacks let adversaries clone proprietary AI models through ordinary API queries alone. Here's how the attacks work, why they evade detection, and how to stop them.

Dec 7, 20257 min read
Vulnerability Analysis

Business logic vulnerabilities explained

A business logic vulnerability breaks your app's rules, not its code. See how Starbucks, Shopify, and the DAO were exploited -- and how to detect and prevent it.

Dec 5, 20257 min read
Vulnerability Analysis

Mass assignment vulnerabilities explained

Mass assignment lets attackers write privileged fields like "role":"admin" via ordinary API calls. Learn how it works, real CVEs, and fixes.

Dec 5, 20257 min read
Vulnerability Analysis

GraphQL injection and introspection abuse explained

How GraphQL injection, introspection abuse, and alias-based DoS attacks expose APIs to data leaks—illustrated by the 2021 Peloton breach.

Dec 5, 20257 min read
Vulnerability Analysis

JWT algorithm confusion / none-algorithm bypass explained

How attackers forge JWTs via RS256/HS256 key confusion and the alg:none bypass, with real CVEs, detection steps, and defenses.

Dec 4, 20257 min read
Buyer's Guides

Best API security testing tools

A practical, no-hype comparison of API security testing tools — from OWASP ZAP to Salt Security — covering REST/GraphQL coverage, posture management, and real tradeoffs.

Nov 9, 20258 min read
api-security (Page 5) — Safeguard Blog