Safeguard
Tag

api-security

Safeguard articles tagged "api-security" — guides, analysis, and best practices for software supply chain and application security.

100 articles

Application Security

FastAPI Security Best Practices

Securing FastAPI applications with Pydantic validation, OAuth2 integration, and dependency injection patterns.

May 22, 20244 min read
Incident Analysis

Dell Data Breach Exposes 49 Million Customer Records via API Abuse

In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.

May 10, 20247 min read
Application Security

GraphQL Injection Prevention: Securing Your API Layer

GraphQL's flexible query language introduces injection risks that differ fundamentally from REST APIs. Preventing GraphQL injection requires understanding the query parser, resolver chain, and schema design.

May 5, 20247 min read
Code Security

XML External Entity (XXE) Prevention: Disabling the Features That Attack You

XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.

Feb 18, 20245 min read
Incident Analysis

Trello API Scraping Exposes 15 Million User Accounts

In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.

Jan 22, 20247 min read
Application Security

Express and Node.js Security Hardening

Practical security hardening for Express.js applications covering middleware, input validation, and production deployment.

Jan 12, 20244 min read
Application Security

API Gateway Security Patterns That Actually Work

API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.

Dec 12, 20236 min read
Application Security

OAuth Token Security Throughout the Lifecycle

OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.

Nov 8, 20234 min read
Application Security

API Security Testing Against the OWASP API Top 10: A Hands-On Guide

APIs are now the primary attack surface for most applications. Here is how to test for the OWASP API Security Top 10 risks systematically.

Nov 5, 20237 min read
Application Security

JSON Parsing Library Vulnerabilities You Should Know About

JSON is the lingua franca of APIs, but the libraries that parse it have had serious security issues. Here is what to watch for in your stack.

Sep 28, 20235 min read
Application Security

API Security Through the Supply Chain Lens

APIs are both an attack surface and a supply chain dependency. This guide examines API security risks from authentication to third-party integrations.

Sep 12, 20237 min read
API Security

gRPC Security Considerations: Protecting High-Performance Service Communication

gRPC's binary protocol and HTTP/2 transport make it fast. They also make it harder to inspect, monitor, and secure than REST APIs. Here is what you need to know.

Sep 12, 20235 min read
api-security (Page 8) — Safeguard Blog