api-security
Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.
100 articles
FastAPI Security Best Practices
Securing FastAPI applications with Pydantic validation, OAuth2 integration, and dependency injection patterns.
Dell Data Breach Exposes 49 Million Customer Records via API Abuse
In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.
GraphQL Injection Prevention: Securing Your API Layer
GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.
XML External Entity (XXE) Prevention: Disabling the Features That Attack You
XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.
Trello API Scraping Exposes 15 Million User Accounts
In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.
Express and Node.js Security Hardening
Practical security hardening for Express.js applications covering middleware, input validation, and production deployment.
API Gateway Security Patterns That Actually Work
API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.
OAuth Token Security Throughout the Lifecycle
OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.
API Security Testing Against the OWASP API Top 10: A Hands-On Guide
APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.
JSON Parsing Library Vulnerabilities You Should Know About
JSON is the lingua franca of APIs, but the libraries that parse it have had serious security issues. Here is what to watch for in your stack.
API Security Through the Supply Chain Lens
APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.
gRPC Security Considerations: Protecting High-Performance Service Communication
gRPC's binary protocol and HTTP/2 transport make it fast. They also make it harder to inspect, monitor, and secure than REST APIs. Here is what you need to know.