Escape - The API Security Blog

API Security

Understanding Broken Object Level Authorization (BOLA) Vulnerability in API Security

Want to know how to secure your applications? You're in the right place. In this article, we will discuss a critical vulnerability that ranks number one in the OWASP API top 10 2023 - Broken Object Level Authorization, also known as BOLA. We will explore the concept of

API Security

How to secure APIs built with FastAPI: A complete guide

Want to know how to secure your APIs built with FastAPI? Dive into our latest blog post, where we guide you through the best practices for FastAPI security.

Product updates

Introducing notification rules: You can now tailor your alerts with precision

With our new notification rules feature, it takes just a few simple steps to customize your alerts to focus on what really matters for you and your business.

Custom Security Tests

Writing Custom Security Tests

This article was written by the guest expert, Aleksandr Krasnov. Aleksandr is the DevSecOps expert, principal security engineer, and an advisor. He has worked in companies like Meta, Dropbox, and Palo Alto Networks.

Application Security

4 lessons from recent application security case studies

Every organization, no matter how big or small, if it's dependent on the software (which is impossible not to be in the modern world), must prioritize software security. Interested in enhancing yours? Want to know how real-world application security challenges are tackled? Let's get straight to

API Gateway Security

API gateway security: 8 best practices

Are your API gateways well secured? If you have doubts, then they are not. API gateways play a large role in securing the flow of data between clients and backend services. But with the surge in API adoption (nearly 90% of developers are using APIs) and the increasing sophistication of

Product updates

Implementing real-world authentication scenarios in your scans is now made easy

With our new dynamic authentication token generation feature, it takes just a few simple steps to implement real-world authentication scenarios in your scans.

API Security

Laravel SQL injection guide: Practical examples included

Want to know how to protect your Laravel applications? Dive into our latest blog post, where we guide you through the best practices for Laravel security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

API Security

Methodology: How we discovered over 18,000 API secret tokens

Hey there! It's just the beginning of the year, but our security research team has been working hard to identify current API security challenges. So for the Escape team, January went under the tagline "API secret sprawl" (we thought it was more fun than"Dry

Podcast

Security training: Necessary investment or overrated expense?⎥Mel Reyes (Global CEO, CIO, CISO, & CTO with 30 years of experience)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we’re excited to have an amazing guest, Mel Reyes, join us. Mel has navigated through two IPOs and three M&As, worked with several startups, Pepsi and

Django security

Best Django security practices

Learn to secure your Django applications effectively with our expert hands-on tutorial.

Product updates

Now you can easily gain comprehensive insights into your compliance posture

With our new Compliance Matrix feature, it takes just a few simple steps to get full visibility into your organization's compliance posture across all applications.

API Security

How to secure APIs built with Express.js

Want to know how to secure your Express.js APIs? Dive into our latest blog post, where we guide you through the best practices for Express.js security.

Podcast

What is ASPM: A breakdown of the current state and its future⎥James Berthoty (Security at PagerDuty)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, James Berthoty, joining us. James has been in technology for over 10 years across engineering and security. An early advocate

API Security

How to build secure APIs with Ruby on Rails: Security guide

Are your Ruby on Rails APIs as secure as they could be? In today's world, where digital security is no longer an option, ensuring the robustness of your APIs is crucial. If you find yourself uncertain when attempting to answer this question, then this guide is for you.

Flask security

Best practices to protect your Flask applications

Want to know how to protect your Flask applications? Dive into our latest blog post, where we guide you through the best practices for Flask security. Explore how these techniques can not only enhance the security of your web applications but also bring tangible benefits to your development journey. In

API Security

Webinar: Best Practices for API security

Learn the ins and outs of keeping your APIs secure.

Podcast

SCADA systems: How secure are the systems running our infrastructure?⎥Malav Vyas (Security Researcher at Palo Alto Networks)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today, we're excited to have an amazing guest, Malav Vyas, joining us. Malav is a security researcher at Palo Alto Networks, passionate about exploiting and securing systems. Security

API Security

Top 6 API security testing tools in 2024: a full review

💡The Top 6 API Security Testing Tools include: 1. Escape 2. Noname security 3. Salt Security 4. Stackhawk 5. Rapid7 6. 42Crunch How safe are your applications? In recent years, the significance of API (Application Programming Interface) usage and hence of API security has skyrocketed. According to Vanson Bourne'

Application Security

Threat modeling: the future of cybersecurity or another buzzword⎥Derek Fisher (author of The Application Security Handbook)

Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Derek Fisher, joining us.  Derek is a cybersecurity leader, a speaker on various cybersecurity topics, and author of the famous “The

API Security

10 best practices to secure your Spring Boot applications

Explore the top 10 Spring Boot security best practices from the Escape team to secure your Java web applications efficiently.

API Security

ASP.NET security best practices

Curious about the key strategies to ensure the security and reliability of your ASP.NET applications, including building APIs? Dive into our latest blog post, where we guide you through ASP.NET security best practices. Explore how these practices can not only enhance the security of your web applications but

Product updates

What’s new - Escape Product Updates

Discover our latest product updates: support for Insomnia collections, WP-JSON schema, and additional business logic security tests. Plus you can now fully benefit from Escape's public API.

Podcast

Security experience: top-down vs bottom-up⎥Jeevan Singh (Rippling, Twilio) ⎥The Elephant in AppSec Podcast

Welcome to the second episode of The Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.

Product Security Roadmap

Webinar Recap: Building your Product Security Roadmap

In-depth recap of our hands-on product security webinar with James Berthoty—gather the best knowledge and insights!