#waap — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #waap, aggregated by home.social.
-
API Security 2026: Why Protection Requires a New Approach
Five years ago, Gartner predicted that exploitation of API vulnerabilities would become the most frequent vector for breaching applications and services. Today this attack scenario has practically become the norm. Because of this, APIs have turned into a full-fledged business asset to which, ideally, the same security and reliability requirements should apply as to any other product. In practice, however, problems arise with this. According to Salt Security, most companies have faced API security incidents over the past year. At the same time, the interfaces themselves continue to grow quickly and become more complex, and protection does not always keep up with that growth. Under such conditions, even valid requests can lead to data leaks or to restrictions being bypassed. Of particular concern is the growth of AI vulnerabilities, where APIs serve as the main channel of interaction and therefore as a potential point of attack. In this article I will go through current techniques and tactics of attacks on APIs and look at which practices are worth adopting right now to protect web applications.
-
APIs in the Crosshairs: Three Types of "Corpses" (Shadow, Orphan, Zombie) and One New Hope
Using APIs helps build such architectures, and some teams even practice API-first development (the application is first developed using the API and only later covered with a web interface). And when we see this kind of development around us, we as security people ask ourselves: is an application that uses an API sufficiently protected?
API Gateway: The First Contender for API Protection
When APIs are mentioned, one of the first associations is the API Gateway. The emergence of this class of solutions is a logical response to the difficulty of maintaining a growing number of endpoints: systems need a "single point of entry" to plan routes, transform protocols (from JSON to gRPC and back) and attach basic authorization.
https://habr.com/ru/companies/angarasecurity/articles/995958/
#API #WAF #WAAP #Shadow_API #Безопасность_API #API_Gateway #Микросервисы #OpenAPI #AppSec #DevSecOps
-
https://www.fogolf.com/1164125/womens-amateur-asia-pacific-kiwi-teen-duo-lead-home-charge-at-royal-wellington/ Women’s Amateur Asia-Pacific: Kiwi teen duo lead home charge at Royal Wellington #11strong #AMATEUR #AsiaPacific #at #barber #Charge #contingent #draw #Duo #Elise #EVEN #Golf #GolfNews #HOME #Kiwi #last #Lead #Leading #Opening #round #Royal #Tang #Teen #teenage #they #WAAP #Week #WELLINGTON #werent #wildcards #women's #yesterdays
-
Any suggestions what I could use as a Web Application Firewall or WAAP, if possible free and open source? If not free then open source is still preferred... I want to expose some things from my k8s cluster..
-
🏔️ Great days at the Ergon Airlock Partner Event 2026 on the Stoos.
Proud to receive the award 'Biggest Microgateway Deal 2025' for our success story with HIN - Health Info Net.
Full story: https://www.vshn.ch/en/blog/vshn-wins-biggest-microgateway-deal-2025-at-the-ergon-airlock-partner-event/
#Airlock #Ergon #Microgateway #IdentitySecurity #ZeroTrust #WAAP #DevOps #CloudNative
-
🚀 Secure your Kubernetes workloads with ease!
Discover how Airlock Microgateway on Servala delivers Kubernetes-native Web App and API Protection (WAAP) - fully managed, sovereign, and developer-friendly.
Read the full story: https://servala.com/article/airlock-microgateway-on-servala/
#Airlock #Microgateway #Kubernetes #APIsecurity #WAAP #Security #DevSecOps #CloudNative #SovereignCloud
-
🚀 New Brand Story from #RSAC2025: Runtime Protection at the New Digital Front Line
At #RSAC Conference 2025, Sean Martin, CISSP sat down with Rupesh Chokshi, Senior Vice President and GM of Application Security at Akamai Technologies, to talk about how AI-driven applications and #APIs are reshaping the security landscape.
🔐 Why are runtime attacks on APIs and #AI apps growing—and why is prevention alone no longer enough?
Find out how Akamai is evolving its Web Application and API Protection (#WAAP) strategies to meet these emerging threats head-on.
🎙️ Watch, listen, or read the full story here:
👉 https://www.itspmagazine.com/their-stories/the-new-front-line-runtime-protection-for-ai-and-api-driven-attacks-a-brand-story-with-rupesh-chokshi-from-akamai-an-on-location-rsac-conference-2025-brand-story
#cybersecurity #infosec #appsec #apisecurity #technology #infosecurity
-
My latest: Independent lab testing crowns a new leader in #WAAP #AppSec #InfoSec #APIProtection #WebSecurity #TechNews #Cybersecurity https://searchitoperations.techtarget.com/news/366623596/Independent-lab-crowns-new-WAAP-product-among-its-leaders
-
Using Machine Learning to Uncover Hidden Web Security Threats
Analyzing a large volume of logs is a complex and lengthy process, and conventional algorithms rarely detect more than an active protection system does. Applying machine learning is therefore a logical and promising solution. This article looks at ways of applying ML models to the analysis of web threats, when complex models are justified, and when simpler solutions will do without loss of accuracy.
-
API Security in Open Banking: Balancing Innovation with Risk Management – Source:hackread.com https://ciso2ciso.com/api-security-in-open-banking-balancing-innovation-with-risk-management-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Hackread #security #Banking #Fintech #WAAP #API #AI #ML
-
API Security in Open Banking: Balancing Innovation with Risk Management https://hackread.com/api-security-open-banking-balancing-risk-management/ #Cybersecurity #Security #security #Fintech #Banking #WAAP #API #AI #ML
-
😤 #Scraperbots are automating data theft, extracting your website's content without permission! 🌐
💣 Learn about the impact of scraper bots and how to prevent them: https://bit.ly/3RiXgya
#contentscraping #bots #webscrapers #webcrawlers #scraping #waf #botmanagement #waap #scrapingbots #apptrana #indusface
-
Web Application and API Protection (WAAP): the evolution of WAF (Web Application Firewall)
WAAP (Web Application and API Protection) is the next generation of the web application firewall, WAF (Web Application Firewall). The term was first used by Gartner to describe the protection of modern, constantly changing web services, since in the world of CI/CD, dynamic change and API-first companies, the functions of a traditional WAF (Web Application Firewall) are no longer sufficient. WAAP is a set of methods and technologies used to protect web applications and services from attacks and vulnerabilities. WAAP includes technologies such as WAF-NG, a vulnerability scanner, automatic detection and blocking of 0-day attacks (including by means of virtual patching), anomaly detection using machine learning technologies, and smart CAPTCHAs.
https://habr.com/ru/companies/owasp/articles/770384/
#WAAP #waf #web_application_firewall #защита_сайта #защита_api
-
👉 Explore real-world API attack scenarios and learn modern techniques to protect your business's APIs from hackers in our latest blog: https://bit.ly/3tAkkjp
#apisecurity #apis #apiprotection #databreaches #securitythreats #owaspapi #applicationsecurity #apigateway #apiattacks #ddosattacks #waap #apptrana #indusface
-
👉 “We have an #API gateway, and the strong authentication & authorization keeps us secure.”
This notion could cost you a #databreach, a compliance fine or even application downtime that may erode customer trust.
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how #APIs could be hacked.
They'll cover:
1. An exploit of #owaspapitop10 vulnerability
2. A brute force account take-over (ATO) attack on API
3. A #DDoS attack on an API
4. How a #WAAP could bolster security over an API gateway
📌 Save your seat now! https://bit.ly/3Mw4Inp
#apiattacks #authentication #authorization #apisecurity #hacking #owasptop10 #ddosattacks #apigateway #bruteforceattacks #ATO #apptrana #indusface
-
💪 Empower your #SOC team to detect and respond to #ddos attacks effectively.
Read our latest blog, which provides a brief guide to mastering traffic analysis techniques: https://bit.ly/3tRAnJi
#ddosattacks #ddosprotection #ddosmitigation #ddostraffic #webapplications #apiapplications #apis #waap #ratelimiting #apptrana #indusface
-
☝️ Just 1 day to go!
Join this live #DDoS attack simulation with Karthik Krishnamoorthy, CTO at Indusface, as he demonstrates a wide variety of attacks and mitigation measures.
He’ll demonstrate:
- The limitations of host-based rate-limits
- Building multi-pronged mitigation measures ranging from alerts to captchas to blocks
- Preventing #ddosattacks on #APIs
- How Unmetered DDoS mitigation works
Unfold all the findings in detail - reserve your seat now: https://bit.ly/3PPPRWH
#ddosmitigation #ddosprotection #apiattacks #cyberattack #cyberrisk #waap #waf #firewall #appsec #indusface #apptrana
-
👉 #DDoS attacks have increased by 75% in Q2 2023 - State of AppSec Research by Indusface.
Launching a 1-hour DDoS attack costs only a couple of dollars on the dark web.
So, how does one fortify defences to ensure app and #API availability in case of an attack?
Join this live attack simulation with Karthik Krishnamoorthy, CTO at Indusface, as he demonstrates a wide variety of attacks and mitigation measures.
He’ll demonstrate:
o The limitations of host-based rate-limits
o Building multi-pronged mitigation measures ranging from alerts to captchas to blocks
o Preventing #ddosattacks on APIs
o How Unmetered DDoS mitigation works
To unfold all the above findings in detail, reserve your seat now: https://bit.ly/3reqaG5
#ddosmitigation #ddosprotection #apiattacks #cyberattack #cyberrisk #waap #waf #firewall #appsec #indusface #apptrana