Increase cyber resilience with the latest version of the Noname API Security Platform
Dozens of masterclasses taught by the people who know API security best
API Security is a programmatic approach to protecting APIs from the unique security risks and vulnerabilities that traditional AppSec tools don't address.
Learn what Dynamic Application Security Testing (DAST) is, discover the benefits and limitations, and uncover what makes DAST different than other methods.
Discover what Static Application Security Testing (SAST) is and get answers to FAQs around how SAST works, the difference between SAST vs DAST, and more.
Software Composition Analysis (SCA) is a process which identifies precisely what has been used in a piece of software. Learn everything you need to know.
The OWASP API Top 10 is a classification of the most common API vulnerabilities. Understand the biggest threats facing APIs and how to get prepared.
Though API gateways provide basic API security controls, they unfortunately are not enough to adequately protect your business from API specific threats.
A Web Application Firewall is a security device designed to protect at the application level. Get answers to what a WAF does, how it works, and more.
Learn what OpenAPI is, what it does, and how it works. We'll also explore some of the more notable reasons developers turn to the OpenAPI standard.
Noname Security provides unmatched API protection when compared to runtime protection solutions from Cequence, Prisma Cloud, Imperva, and more.
Discover how Noname Security provides superior API protection when compared to web application firewalls (WAFs) and API gateways.
See why Noname is the preferred API security vendor when compared to tools that only test APIs like those from 42Crunch, API Clarity, and more.
Evaluate legacy application security tools from Salt, Traceable, Wallarm, and more, against the best-in-class API protection from Noname Security.
Application programmable interfaces, or APIs, are vital for digital transformation. Learn what APIs are, what they do, and why protecting them is critical.
Broken Object Level Authorization is the top API security vulnerability according to OWASP. Learn how serious the threat is and how to defend against it.
Discover how the latest API security best practices enhance your API security posture and enable you to mitigate a great proportion of API risk.
Without proper safeguards, REST APIs represent a vulnerable attack surface. Explore the most common and effective countermeasures against threats.
Business logic maps how the various parts of a business work together in real life. Discover why many applications rely on it in order to work correctly.
Securing application programming interfaces (APIs) can be challenging. Use this checklist to establish best practices and identity areas for improvement.
GraphQL is a query language for APIs that allows you to express requests concisely. Learn why its popular among developers working on large-scale web apps.
Learn what microservices are, how they help improve application functionality, and enable developers to easily create and maintain software applications.
Learn how the right plans can help you continue its operations in the event of a major disruption, such as a natural disaster or security incident.
Learn what an API call is, what the most common types of API calls are, as well as how best to keep them secure against malicious threats.
Learn what a denial of service attack is, the types of attacks, how they are conducted, and how to protect your organization against them.
Learn the difference between modern API security testing tools and traditional application security solutions like DAST, SAST, IAST, and SCA.
Discover how attackers exploit weaknesses in API user authentication to compromise accounts and make API requests as if they were a legitimate user.
Learn what API security testing is, why it's important, and the vulnerabilities it can uncover. Get recommendations on optimal testing times and methods.
Learn what API discovery is, why it's important, and why having an accurate inventory of your all your API's is paramount to secure your environment.
Excessive data exposure ranks 3rd on the list of OWASP Top 10 API security risks. Learn what it is and how to reduce the excessive data exposure in APIs.
Discover why API runtime protection the foundation for identifying and blocking threats to your APIs. Learn techniques like anomaly detection and more.
Learn about Simple Object Access Protocol (SOAP), what it does, where it can be effective, and the vulnerabilities it can potentially create for APIs.
APIs handle significantly higher volumes of requests at different times. To meet increases in traffic, admins have two choices when it comes to scaling.
A load balancer functions like a network “traffic cop,” routing client requests, such as for web page views, to the servers that fulfill those requests.
Lack of resource and rate limiting ranks 4th on the list of OWASP Top 10 API security risks. Learn what it is and how to protect your APIs.
Attack vectors are methods or pathways hackers use to gain illegal access to a computer, system, or network to exploit system vulnerabilities.
Using JSON-RPC, an application can send a message to another application requesting that it perform a function, such as the processing of data.
API authentication is critical for API security. It is a process that verifies the identities of users who want access to an API.
DevSecOps is a software development practice that adds security (Sec) to DevOps. DevOps combines software development (Dev) and IT operations (Ops).
The purpose of CI/CD is to help organizations work faster and more accurately, so they can rollout critical features at a rapid pace.
The Software Development Lifecycle is a framework for creating, deploying, and retiring software. We explore the 7 stages of the SDLC in this article.
The term DevOps refers to a set of practices that combines software development (Dev) and IT operations (Ops).
Penetration testing (or pen testing for short) involves performing simulated, fully authorized attacks on a company’s IT infrastructure and network.
API governance is the practice of making all APIs subject to a common set of rules, standards, and security policies.
Fuzz testing, or fuzzing, introduces deliberately malformed inputs into a system with the goal of triggering failures and uncovering vulnerabilities.
To succeed with API compliance, organizations must ensure that they're protecting any sensitive data that traverse their APIs.
Learn the meaning of tight and loose coupling and gain insights into what’s good about each approach and when to use them.
Understand the benefits of API management, how API management works, and how to choose the right API management tool.
APIs, Webhooks, and WebSockets each have a favored type of use case.
In SAML (Security Assertion Markup Language) the key word is assertion.
A service mesh is a layer of infrastructure that manages communications between microservices over a network.
API gateways and service meshes have a number of things in common, but they are different technologies.
Discover what an API key is, how they work, how to keep them secure, as well as the difference between API keys and account credentials.