LIVE WEBINAR: Are You Properly Using JWTs?

JSON Web tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT are often mis-used and incorrectly handled. Massive data breaches have occurred in the last 18 months due to token leakage and lack of proper of validation. This session focuses on best practices and real […]

Continue reading


WEBINAR: 42Crunch Platform Demo: No PowerPoint, no BS, just ACTION!

Here’s the deal… The 42Crunch solution lets you describe security as code as part of your OpenAPI specification files, allowing you to entirely automate the API security process, from the very beginning of the API lifecycle. Developers can simply annotate their API contracts to describe the required security policies and we process those annotations to […]

Continue reading


WEBINAR: Positive Security for APIs – What it is and why you need it!

Positive Security for APIs: What it is and why you need it! Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation. Here are a few illustrative real-life examples on this: Drupal suffered a major issue in February 2019: a remote code execution flaw […]

Continue reading


Positive Security for APIs: what it is and why you need it!

When visiting prospects or presenting our solution at conferences, we inevitably get asked the same question: what’s the difference between your solution and a Web Application Firewall (WAF)? The core difference is that we know what we are protecting, WAFs don’t. WAFs were built to protect web applications and there is no standard way to […]

Continue reading


WEBINAR: The OWASP API Security Top 10

The OWASP API Security Top 10 In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API […]

Continue reading


Deploying DevSecOps for APIs: a tale of shifting left…

DevSecOps is a hot topic at the moment, and particularly relevant when dealing with API development. APIs are growing at an exponential rate: not only  are they the backbone of any application, but microservices architecture imply exposing internal APIs for every microservice or group of microservices. The average number of APIs to protect within an […]

Continue reading