mastouille.fr est l'un des nombreux serveurs Mastodon indépendants que vous pouvez utiliser pour participer au fédiverse.
Mastouille est une instance Mastodon durable, ouverte, et hébergée en France.

Administré par :

Statistiques du serveur :

611
comptes actifs

#apisecurity

0 message0 participant0 message aujourd’hui

🚀 New Brand Story from #RSAC2025: Runtime Protection at the New Digital Front Line

At #RSAC Conference 2025, Sean Martin, CISSP sat down with Rupesh Chokshi, Senior Vice President and GM of Application Security at Akamai Technologies, to talk about how AI-driven applications and #APIs are reshaping the security landscape.

🔐 Why are runtime attacks on APIs and #AI apps growing—and why is prevention alone no longer enough?

Find out how Akamai is evolving its Web Application and API Protection (#WAAP) strategies to meet these emerging threats head-on.

🎙️ Watch, listen, or read the full story here:
👉 itspmagazine.com/their-stories

ITSPmagazineThe New Front Line: Runtime Protection for AI and API-Driven Attacks | A Brand Story with Rupesh Chokshi from Akamai | An On Location RSAC Conference 2025 Brand Story — ITSPmagazine | Broadcasting Ideas. Connecting Minds.™In this episode, Rupesh Chokshi of Akamai breaks down the surge in API and AI-driven threats and explains how Akamai’s new Firewall for AI helps CISOs manage risk without slowing innovation. With real-world data, sharp insights, and practical solutions, this episode is a must-listen.

🌐 The Digital Terrain Is Shifting — Are Your Apps and APIs Ready?

As AI adoption accelerates, so do AI-driven attacks.
In their new research report, Akamai Technologies uncovers the evolving threats facing web applications and APIs — and how organizations can respond before attackers get ahead.

State of Apps and API Security 2025: How #AI Is Shifting the Digital Terrain explores the sharp rise in automated, intelligent threats — and the new defenses emerging to meet them.

📥 Download the full report here: itspm.ag/akamaixmwd
📌 Research like this helps #security professionals, #leaders, and #developers stay ahead of the curve — and shape the future of #digital defense.

🎙️ We’re also proud to feature Akamai in our RSAC 2025 coverage — with a Brand Story recorded pre-event and a follow-up conversation happening on location at the conference in San Francisco with Rupesh Chokshi, Sean Martin, CISSP, and Marco Ciappelli.

Watch the pre-event recording here: youtu.be/DMm6INJ_2Z8

🙏 A huge thank you to the Akamai team for sponsoring our coverage and sharing their insights with our global audience.

👇 Check out the report and stay tuned for more from RSAC:

📥 Download the Report: itspm.ag/akamaixmwd
🌐 Explore our RSAC 2025 Coverage: itspmagazine.com/events/rsac-2

"API keys are foundational elements for authentication, but relying solely on them is inherently a risky proposal.

Firstly, there’s the reality that API keys are not securely designed — they were never meant to be used as the sole form of authentication, and as such, they aren’t really built for the task. These keys can often be easily stolen, leaked, or, in some cases (especially if generated incrementally), outright guessed. An API key is suitable for tracking usage but is poor for security.

There is also the additional reality that keys in their default state lack some critical functionality. There’s not a lot of verification built-in for identity management, and what does exist offers very little in the way of granular access control.

Ultimately, solely relying on API keys is a mistake common with novice developers but frighteningly common even in advanced products.

Best Practices
Instead of relying heavily on API keys as a sole mechanism, combine those keys with additional approaches such as OAuth 2.0 or mTLS. Implement rigorous expiration and rotation policies to ensure that keys which are made public are only useful for a short amount of time. Consider more advanced approaches, such as IP whitelisting or device fingerprinting, to add another layer of security atop the API key process."

nordicapis.com/9-signs-youre-d

Nordic APIs · 9 Signs You're Doing API Security Wrong | Nordic APIs |API security anti-patterns are common. From overreliance on API keys to a lack of rate limiting to no encryption, we explore the top ones.
#API#APIs#APISecurity

Wallarm Releases 2025 API ThreatStats Report, Revealing that APIs are the Predominant Attack Surface

buff.ly/4aEd2fo

"Wallarm's researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI's reliance on high-performance binary APIs."

Strengthen API Access Control with Attribute-Based Authorization

curity.io/blog/strengthen-api-

"ABAC is a more powerful way to perform fine-grained authorization. However, you must be aware of where your APIs take the attributes from to perform authorization decisions. The attributes must come from a reputable source, and the API must be sure that no one has tampered with them." -- #MichalTrojanowski

curity.ioStrengthen API Access Control with Attribute-Based Authorization | Bl...Proper authorization constitutes an important part of your API security.

Secrets Management Core Practices

dzone.com/refcardz/secrets-man

"This Refcard delves into the core practices of secrets management, common challenges, and its pivotal role in modern security environments, providing a comprehensive guide for organizations aiming to enhance the security posture of their secrets management strategy." -- #ApostolosGiannakidis

dzone.comSecrets Management Core Practices - DZone RefcardzLearn key measures for a centralized secrets management strategy, including security-first practices for secrets injection, automation, compliance, and monitoring.

Common Risks Associated with APIs

apichangelog.substack.com/p/co

"You can group API risks into at least five categories: security, performance, operational, data integrity, and business. Each one of these categories has its implications and specific mitigation strategies. Let's look at each in more detail to understand what we're dealing with." -- #BrunoPedro

The API Changelog · Common Risks Associated with APIsPar Bruno Pedro

Ever wonder how secure your smart home devices really are? 🔐 The latest Net API Notes article dives into a real-life API vulnerability that put millions of COX modems at risk. Discover four crucial API security questions any API producer should consider! 🏡💻 #APISecurity #SmartHome #CyberSecurity #TechNews #APIs

netapinotes.com/uncovering-api

Net API Notes · API Insecurity: Lessons from the Cox Modem BreechNet API Notes for 2024/06/24, Issue 240

Using OPA To Achieve Zero-Trust APIs

nordicapis.com/using-opa-to-ac

"Open Policy Agent takes this one step further, presenting a unified but decentralized open-source solution for setting standards for authorization. By adopting OPA, you get the best of both worlds — a decentralized stack that still has a unified policy engine. " -- #KristopherSandoval

Nordic APIs · Using OPA To Achieve Zero-Trust APIs | Nordic APIs |Learn how Open Policy Agent (OPA) evolves authorization to achieve a zero-trust model for APIs and distributed microservices architectures.

From innovation to controversy - I revisit Eran Hammer's bold declaration that OAuth 2.0 was a 'road to hell'. What happens when a protocol becomes a framework? Do the promises of security outweigh the complexity? From Hammer's dramatic resignation to the industry's adaptation, I unravel the legacy of his warnings and the current state of OAuth 2.0 in the second of the APIcryphal series for paid subscribers. Are we more secure a decade later? #OAuth2 #APIsecurity 🚀🔒 netapinotes.substack.com/p/era

Net API Notes · Eran Hammer's OAuth 2.0 'Road to Hell'Par Matthew Reinbold