Search Results

Your search for API security found 31 results

Char49 at NMFTA Cybersecurity Conference 2024: Navigating the Future of API Security

We are excited to announce that Char49 will be presenting at the NMFTA Cybersecurity Conference 2024, taking place from October 27 to 29 in Cleveland, OH, a sold-out event that plays a critical role in the Motor Freight infosec community. Our Principal Security Researcher, Paulo Silva, will be delivering a talk titled "Navigating the Shadows: Understanding API Security Through History."


Dashlane Security Seminar 2024: A Story of Knowledge and Collaboration

The 2024 edition of the Dashlane Security Seminar, held on June 20th at the Impact Hub in Lisbon, was an outstanding event that brought together experts from across the cybersecurity and digital identity landscape. This seminar, with high-quality speakers and insightful discussions, provided a platform for the exchange of cutting-edge ideas and real-world solutions to some of the most pressing issues in today’s digital world.


RootedCON Portugal 2024

The RootedCON computer security conference was established to foster the exchange of knowledge among members of the security community. This year, it was held in Portugal for the first time on May 24 and 25, 2024, featuring our Principal Security Researcher and Co-Leader of the OWASP API Security Pr...


Are you attending OWASP Global AppSec Lisbon next June?

Either way, you may consider joining Paulo Silva, our Principal Security Researcher and Co-Leader at the OWASP API Security Project, on June 26th, for a whole day of hands-on training on API security.

"The Dark Side of APIs - the Attacker's Approach to Protecting Software" is a 1-day hands-on trai...


Guardians of the Gateway: Unveiling API Security Secrets

In today's digital landscape, Application Programming Interfaces (APIs) serve as the connective tissue that enables seamless data and service exchanges between applications and businesses. However, with this great power comes great responsibility, as API security has become a critical concern. To ad...


BSIDES Lisbon 2023

In the rapidly evolving landscape of information security, some conferences stand out as pivotal hubs for knowledge exchange, collaboration, and networking. One such beacon in Portugal is BSidesLisbon, the premier technical information security conference. Now in its 8th edition, this community-or...



BSIDES Ahmedabad 2023

Char49 is proud to announce that our Principal Security Researcher and Co-Leader at OWASP API Security Project, Paulo Silva, will be representing us at BSIDES AHMEDABAD 2023. He will be speaking on October 6th at this prestigious event in Ahmedabad, India, which brings together the brightest min...


Char49 at "Integration Tomorrow": The importance of cybersecurity in the context of integration

"Integration Tomorrow" is a one-day conference that brings together industry leaders, experts, and professionals to discuss the latest trends and advancements in integration solutions. With technology rapidly evolving, integration plays a crucial role in enabling seamless data exchange and process...


OWASP API Security Top 10 2023 RC is now available

We are excited to share that the OWASP API Security Top 10 2023 release candidate is now available.

Our own security researcher and OWASP API Security Project co-leader Paulo Silva took part in this effort, making us particularly proud of the work done. The latest trends and threats in API secur...


Amazing November!

Photography by @Women4Cyber

If October was exciting, November was really amazing! Why? No, it wasn't the colder, rainy days, nor the roasted chestnuts or the delicious autumn oven meals.

First, on November 9th Paulo Silva took part in the OWASP Lisboa Chapter meetup with a talk named...





API10:2019 Insufficient Logging & Monitoring

One of the challenges for bad actors, apart from finding an exploitable flaw, is to pass unnoticed not only during the research process but also during the exploitation phase. Insufficient logging and monitoring make it hard or even impossible to detect and mitigate suspicious activity or attacks ta...
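Logging is only useful if the events carry the fields an analyst needs and something actually looks at them. The block below is an added example, not code from the Char49 article: it defines a constructed JSON-lines API log (one event per request, with timestamp, source IP, authenticated user, method, path and status) and runs two simple detections over it, a login brute-force rule and an object-ID enumeration rule. Paths, thresholds and IP addresses are assumptions chosen for the example.

```python
"""Structured API request events and a minimal detector over them (added example)."""
import json
import re
from collections import defaultdict

# Constructed JSON-lines log sample (not real traffic). Each event records
# when, from where, who, what, and the outcome; without those fields the
# detections below are not possible.
SAMPLE_LOG = """
{"ts": 1700000000, "src_ip": "203.0.113.7", "user": "alice", "method": "POST", "path": "/api/login", "status": 401}
{"ts": 1700000001, "src_ip": "203.0.113.7", "user": "alice", "method": "POST", "path": "/api/login", "status": 401}
{"ts": 1700000002, "src_ip": "203.0.113.7", "user": "alice", "method": "POST", "path": "/api/login", "status": 401}
{"ts": 1700000003, "src_ip": "203.0.113.7", "user": "alice", "method": "POST", "path": "/api/login", "status": 401}
{"ts": 1700000004, "src_ip": "203.0.113.7", "user": "alice", "method": "POST", "path": "/api/login", "status": 401}
{"ts": 1700000005, "src_ip": "203.0.113.7", "user": "alice", "method": "POST", "path": "/api/login", "status": 200}
{"ts": 1700000010, "src_ip": "198.51.100.9", "user": "bob", "method": "GET", "path": "/api/users/100", "status": 200}
{"ts": 1700000011, "src_ip": "198.51.100.9", "user": "bob", "method": "GET", "path": "/api/users/101", "status": 403}
{"ts": 1700000012, "src_ip": "198.51.100.9", "user": "bob", "method": "GET", "path": "/api/users/102", "status": 403}
{"ts": 1700000013, "src_ip": "198.51.100.9", "user": "bob", "method": "GET", "path": "/api/users/103", "status": 403}
{"ts": 1700000020, "src_ip": "192.0.2.5", "user": "carol", "method": "GET", "path": "/api/users/7", "status": 200}
"""

# Assumed route shape for user objects; adjust to the API under review.
USER_OBJECT = re.compile(r"^/api/users/(\d+)$")


def parse_events(text):
    """Parse JSON-lines text into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_login_bruteforce(events, threshold=5, window=60):
    """Flag a source IP with at least `threshold` failed logins inside `window` seconds.

    A 200 on the login endpoint from the same source is reported too, because
    a brute-force run that ends in success is the one to escalate first.
    """
    failures = defaultdict(list)
    succeeded = set()
    for e in events:
        if e["path"] != "/api/login":
            continue
        if e["status"] == 401:
            failures[e["src_ip"]].append(e["ts"])
        elif e["status"] == 200:
            succeeded.add(e["src_ip"])

    alerts = []
    for ip, stamps in failures.items():
        stamps.sort()
        # Sliding window: any `threshold` consecutive failures within `window` seconds.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                alerts.append({"rule": "login_bruteforce", "src_ip": ip,
                               "failures": len(stamps), "login_succeeded": ip in succeeded})
                break
    return alerts


def detect_object_enumeration(events, threshold=3):
    """Flag a user denied (403) on at least `threshold` distinct /api/users/<id> objects.

    Repeated 403s on sequential IDs are the footprint of someone probing for
    a Broken Object Level Authorization hole.
    """
    denied = defaultdict(set)
    for e in events:
        m = USER_OBJECT.match(e["path"])
        if m and e["status"] == 403:
            denied[e["user"]].add(m.group(1))
    return [{"rule": "object_enumeration", "user": user, "denied_ids": sorted(ids)}
            for user, ids in denied.items() if len(ids) >= threshold]


def run_detections(text=SAMPLE_LOG):
    """Run every rule over the log text and return the combined alert list."""
    events = parse_events(text)
    return detect_login_bruteforce(events) + detect_object_enumeration(events)


if __name__ == "__main__":
    for alert in run_detections():
        print(alert)
```

The point of the example is the shape of the data rather than the rules: both detections need the source, the principal, the object identifier and the outcome on every event. Log only the path and the status code and neither rule can be written.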


API9:2019 Improper Assets Management

Introducing breaking changes to a live API with hundreds, thousands, or even millions of active users is (usually) not an option. Releasing a new API version gives a chance to existing users to work on their integrations to migrate to the latest version, without interrupting the service. Nevertheles...


API8:2019 Injection

Given their role, APIs interact with several other (software) components such as filesystem, databases, LDAP, or other internal and external APIs. Not all these components are capable of validating and sanitizing the input they receive. When APIs neglect this responsibility, properly validate and sa...


API7:2019 Security Misconfiguration

Security Misconfiguration is a broad category covering everything that could have been done to improve the API's overall security but wasn't. Usually, security misconfigurations are a consequence of insecure defaults, such as a database without authentication or a permissive Cross-Origin Re...


API6:2019 Mass Assignment

Fast-paced development environments or unclear business or functional requirements make developers choose generic implementations: binding client-provided data (e.g. JSON objects) to data models (e.g. those provided by popular ORM/ODM libraries) is, unfortunately, a common pattern that leaves the doo...


API5:2019 Broken Function Level Authorization

If you have been following our OWASP API Security Top 10 series, you know that we have already covered a specific type of authorization issue: Broken Object Level Authorization. Broken Function Level Authorization issues are not that different. Instead of getting access to a user's object, bad...
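To make the difference between the two authorization issues concrete, the block below is an added example, not code from the Char49 series. It models a hypothetical API with regular users and administrators: reading a profile needs an object-level check (the profile must belong to the caller), while suspending an account needs a function-level check (only administrators may call it). Both checks are derived from the server-side principal, never from anything the client sends. The store, roles and handler names are assumptions for the example.

```python
"""Object-level (BOLA) and function-level (BFLA) authorization checks (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """The authenticated caller, as resolved by the server from the session or token."""
    user_id: int
    role: str  # "user" or "admin"; assumed role model for the example


class Forbidden(Exception):
    """Raised when a check fails; the HTTP layer would map it to 403."""


def new_store():
    """Constructed in-memory profile store, keyed by user id."""
    return {
        1: {"user_id": 1, "name": "alice", "suspended": False},
        2: {"user_id": 2, "name": "bob", "suspended": False},
    }


def require_role(principal, *roles):
    """Function-level authorization: the endpoint exists only for these roles."""
    if principal.role not in roles:
        raise Forbidden(f"role {principal.role!r} may not call this function")


def require_owner_or_admin(principal, user_id):
    """Object-level authorization: the object must belong to the caller, or the caller is an admin."""
    if principal.role != "admin" and principal.user_id != user_id:
        raise Forbidden(f"user {principal.user_id} may not access profile {user_id}")


# --- Broken Object Level Authorization -------------------------------------

def get_profile_vulnerable(principal, store, user_id):
    """Trusts the id taken from the URL: any authenticated user reads any profile."""
    return store[user_id]


def get_profile(principal, store, user_id):
    """Same handler with the ownership check in front of the lookup."""
    require_owner_or_admin(principal, user_id)
    return store[user_id]


# --- Broken Function Level Authorization -----------------------------------

def suspend_user_vulnerable(principal, store, user_id):
    """Admin-only operation reachable by anyone who finds the route."""
    store[user_id]["suspended"] = True
    return store[user_id]


def suspend_user(principal, store, user_id):
    """Same operation gated on the caller's server-side role."""
    require_role(principal, "admin")
    store[user_id]["suspended"] = True
    return store[user_id]


def raises_forbidden(fn, *args):
    """Helper for the examples: True if calling fn(*args) raises Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    bob = Principal(user_id=2, role="user")
    store = new_store()
    print("bob reads alice (vulnerable):", get_profile_vulnerable(bob, store, 1))
    print("bob reads alice (fixed) forbidden:", raises_forbidden(get_profile, bob, store, 1))
    print("bob suspends alice (fixed) forbidden:", raises_forbidden(suspend_user, bob, store, 1))
```

Two things worth noticing when reviewing real handlers against this pattern: the object-level check must run on every access to the object, including nested routes and batch endpoints, and the role must come from the session, not from a field in the request body or a client-controlled header.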


API4:2019 Lack of Resources and Rate Limiting

API clients' requests cost at least bandwidth, computation cycles, memory, and storage, not only on the API back-end server but, in most cases, on several other systems, such as database servers. API requests compete for these resources to be fulfilled as quickly as possible, but improper resources m...
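The standard answer to unbounded consumption is to meter requests per client before they reach the back end. The block below is an added example, not code from the Char49 article: a per-client token bucket where each request spends tokens, the bucket refills at a fixed rate, and a request that finds the bucket empty is rejected with a Retry-After hint instead of being queued. Timestamps are passed in explicitly so the behaviour is deterministic; capacity, refill rate and client keys are assumptions for the example.

```python
"""Per-client token-bucket rate limiting (added example)."""
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # tokens currently available
    updated: float  # timestamp of the last refill computation


class RateLimiter:
    """One bucket per client key (API key, user id or source IP)."""

    def __init__(self, capacity=10, refill_per_sec=1.0):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.buckets = {}

    def _bucket(self, key, now):
        """Fetch the client's bucket, creating it full, and apply the refill earned since last use."""
        b = self.buckets.get(key)
        if b is None:
            b = Bucket(tokens=float(self.capacity), updated=now)
            self.buckets[key] = b
        else:
            elapsed = max(0.0, now - b.updated)
            b.tokens = min(float(self.capacity), b.tokens + elapsed * self.refill)
            b.updated = now
        return b

    def allow(self, key, now, cost=1.0):
        """Decide one request. Returns (allowed, retry_after_seconds).

        `cost` lets expensive endpoints (search, export) charge more than a
        plain read, so a burst of heavy calls drains the bucket faster.
        """
        b = self._bucket(key, now)
        if b.tokens >= cost:
            b.tokens -= cost
            return True, 0.0
        deficit = cost - b.tokens
        return False, deficit / self.refill


def simulate(limiter, key, timestamps, cost=1.0):
    """Run one request per timestamp for a client and collect the decisions."""
    return [limiter.allow(key, t, cost) for t in timestamps]


if __name__ == "__main__":
    lim = RateLimiter(capacity=10, refill_per_sec=1.0)
    # Constructed burst: 12 requests from one client at the same instant.
    for i, (ok, retry) in enumerate(simulate(lim, "client-a", [0.0] * 12), start=1):
        print(f"request {i:2d}: {'allowed' if ok else f'rejected, retry after {retry:.1f}s'}")
```

The limiter is deliberately keyed by client, not global: a global counter lets one abusive client starve everyone, which is the outcome the limit is meant to prevent. In a multi-instance deployment the buckets live in shared storage rather than in process memory, otherwise each instance hands out a full bucket.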


API3:2019 Excessive Data Exposure

Whether aiming for generic implementations or pressed by a short time-to-market, developers tend to expose all object properties (e.g. as JSON), relying on clients (e.g. a web front-end or mobile application) to filter the relevant data to render. Quite often such data exposes system internals or personally...
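Excessive Data Exposure and Mass Assignment (API6, above) are the same generic-implementation habit in opposite directions: serialize the whole model on the way out, bind the whole request body on the way in. The block below is an added example covering both, not code from the Char49 articles. It uses a hypothetical User model with an allow-list of fields the owner may write and an explicit public view of fields that may be returned; the model, field names and request bodies are assumptions for the example.

```python
"""Input binding and output serialization for a User model (added example)."""
from dataclasses import dataclass, asdict


@dataclass
class User:
    """Hypothetical persisted user, as an ORM/ODM model would hold it."""
    id: int
    username: str
    email: str
    password_hash: str
    is_admin: bool = False
    credit_balance: int = 0


class BadRequest(Exception):
    """Raised on rejected input; the HTTP layer would map it to 400."""


# Fields the account owner is allowed to change through the profile endpoint.
WRITABLE_BY_OWNER = frozenset({"username", "email"})

# Fields that may appear in the public profile representation.
PUBLIC_VIEW = ("id", "username")


# --- Mass Assignment (API6) ------------------------------------------------

def update_user_vulnerable(user, body):
    """Binds every key of the parsed JSON body onto the model.

    Whatever the client sends lands on the object, including is_admin,
    credit_balance and password_hash.
    """
    for key, value in body.items():
        setattr(user, key, value)
    return user


def update_user(user, body):
    """Binds only allow-listed fields and rejects anything else outright."""
    unknown = set(body) - WRITABLE_BY_OWNER
    if unknown:
        raise BadRequest(f"fields not writable: {sorted(unknown)}")
    for key in WRITABLE_BY_OWNER & set(body):
        if not isinstance(body[key], str):
            raise BadRequest(f"{key} must be a string")
        setattr(user, key, body[key])
    return user


# --- Excessive Data Exposure (API3) ----------------------------------------

def public_profile_vulnerable(user):
    """Returns the whole model; the client is expected to hide the rest."""
    return asdict(user)


def public_profile(user):
    """Returns an explicit view: a new field on the model is not exposed by accident."""
    return {k: getattr(user, k) for k in PUBLIC_VIEW}


# Constructed request body from a user trying to promote themselves.
PRIVILEGE_ESCALATION_BODY = {
    "email": "mallory@example.com",
    "is_admin": True,
    "credit_balance": 100000,
}


def sample_user():
    """Constructed sample record for the example."""
    return User(id=42, username="mallory", email="m@example.com",
                password_hash="constructed-hash-not-real")


def raises_bad_request(fn, *args):
    """Helper for the examples: True if calling fn(*args) raises BadRequest."""
    try:
        fn(*args)
    except BadRequest:
        return True
    return False


if __name__ == "__main__":
    u = update_user_vulnerable(sample_user(), dict(PRIVILEGE_ESCALATION_BODY))
    print("after vulnerable update:", u.is_admin, u.credit_balance)
    print("public profile (vulnerable):", public_profile_vulnerable(u))
    print("public profile (fixed):", public_profile(u))
```

Rejecting unknown fields rather than silently dropping them is a deliberate choice: it makes a client that sends `is_admin` visible in the logs, and it catches the case where a new sensitive column is added to the model and nobody updates the allow-list. The same argument applies to the output side, which is why the view is a fixed tuple and not "everything except the password hash".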


API2:2019 Broken User Authentication

In case you're not aware of our OWASP API Security Top 10 series, you can find the articles here. Most APIs, especially those that support web front-ends or mobile applications, include several authentication-related endpoints. Based on our experience, quite often APIs fail to tackle brute force atta...


API1:2019 Broken Object Level Authorization

In case you're landing here coming from a search engine or a referral article, you may want to read our OWASP API Security Top 10 series debut article first. This is the first article in this series because it was, and probably still is, the most critical API security risk at the time the document...


OWASP API Security Top 10

This is not the first time we write about the OWASP API Security TOP 10 and it won’t be the last. On our “Hunting the OWASP API Security Top 10” article, we did a quick introduction to this OWASP project, explaining a bit our involvement and contributions to it. Because we find more and more vulne...


Char49 COO David Sopas presents at C-DAYS 2021

C-DAYS is a conference organized annually by the National Cybersecurity Center (CNCS), the Portuguese authority on cybersecurity and aims to promote and debate this topic. This is the year of the 7th edition of the event, where professionals, academics, decision-makers and interested parties in gen...


RSA Conference 2021

Participants in this session will get a walk-through of MindAPI, an online mind-map that combines years of experience in API security testing. It's divided into two sections, Reconnaissance and Testing (following the OWASP API Security Top 10 guidelines and other security guides). Get a tuned methodology...


Hunting the OWASP API Security Top 10

In early 2019 we, at Char49, were challenged to research the most common API security issues. At that time API security was not exactly in the news, but APIs were becoming a fast-paced, critical piece of modern application architecture. We had followed this technological change since its early days, through our penetration testing services and responsible disclosure programs. That had given us a good understanding of and experience in the API security scene, but we dug deeper into publicly available data on API-related security incidents. Our contribution was released later that year as part of the OWASP API Security Top 10 2019.


RSA Conference 2021 with the presence of Char49 specialists

For almost 30 years, the RSA Conference has been an important meeting point for the cybersecurity community to share, learn and grow. A space for innovation and partnerships where, from the 17th to the 20th of May 2021, another edition takes place with the presence of specialists in cybersecurity from all over the world.

In this year's edition, the conference will be attended by two Char49 specialists, David Sopas (COO) and Pedro Umbelino (Senior Security Researcher), in partnership with Erez Yalon (Director of Security Research, Checkmarx), Luis Gomes (Global Head of Information Security, OLX Group) and Tanya Janca (Founder & CEO, We Hack Purple Academy, Community and Podcast).


DEF CON 28 AppSec Village

Do you speak API? Surely you do, even if you don't notice them in your everyday use of the web. APIs have proved to be beneficial for business, but with great power comes great responsibility, and some of them have serious problems. Last year we put a lot of effort into building and releasing the OWASP A...