Traceable's Jisheng Wang will be presenting at the Gen AiX Summit this week! In his talk, Jisheng will unpack the risks unique to LLMs, drawing on the OWASP Top 10 frameworks for applications and APIs. With real-world examples, he’ll spotlight key threats like Prompt Injection, Sensitive Information Disclosure, and Training Data Poisoning—and discuss mitigation strategies that leaders and developers can implement today. Let’s foster a security-conscious culture that evolves with AI’s rapid advancements, ensuring that generative AI drives innovation safely and sustainably. Get more info on his talk here: https://lnkd.in/eHRSZ4mX
Traceable
Computer and Network Security
San Francisco, CA 16,425 followers
Intelligent API Security at Enterprise Scale
About us
Traceable is the industry’s leading API Security company that helps organizations achieve API visibility and attack protection in a cloud-first, API-driven world. Traceable is the only intelligent and context-aware solution that powers complete API security – API discovery and posture management, API security testing, attack detection and protection, anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring their customers. To learn more about how API security can help your business, book a demo with a security expert.
- Website: https://traceable.ai
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: San Francisco, CA
- Type: Privately Held
- Founded: 2019
- Specialties: cybersecurity, cloudnative, apis, devsecops, risk management, api security, application security, distributed tracing, and Zero trust
Locations
- Primary: 548 Market Street, suite: 83903, San Francisco, CA 94104, US
Updates
-
Traceable reposted this
Mellivora Technology is extremely proud & excited to announce its strategic partnership with Traceable! Traceable is the leader in "context" driven API security. As digital transformation accelerates, protecting APIs is more crucial than ever. Through our strong distribution strategy and inherent drive to solve complex security problems, Traceable allows our customers to safeguard their data & better equip themselves to monitor & secure every API interaction. Understanding the mere API sprawl in a network is not enough, Traceable is data & identity aware when it comes to contextualising the API itself- providing more in-depth visibility and "context" to the call being initiated. The better the visibility the more empowered our customers are! Peleg Lotan Claire Wake Loukas Nikolaou See more here: https://www.traceable.ai/ #MellivoraTechnology #Traceable #APISecurity
-
Hidden deep in your system are shadow, rogue, zombie, and undocumented APIs—each posing unique threats and offering a potential foothold for attackers. Katie takes us on a journey through these "API graveyards", shedding light on the hidden dangers that could become your organization’s next security nightmare. 🔍 In this episode, Katie shares: 🔹 Real-life examples of how these APIs have been exploited 🔹 Insights into why these APIs often go unnoticed and become security risks 🔹 Best practices for uncovering these hidden APIs before they’re exploited Key discussion points: 1. What are “unknown APIs,” and what distinguishes shadow, rogue, zombie, and undocumented APIs? 2. Why do these APIs frequently go unnoticed, and how do they pose security risks? 3. What makes these APIs so attractive to attackers, and how can organizations prevent exploitation? 4. Strategies and tools for uncovering hidden APIs and securing your environment. 🎧 Listen to the full podcast here: https://lnkd.in/gYRCTQg4
-
Don’t Miss Out! Tune in to the latest episode of Cyber Work featuring Katie Paxton-Fear, an API hacker at Traceable, (and the face behind the popular YouTube channel, InsiderPhD). 🎥 🔍 Explore API security, common defense mistakes, and bug bounty insights as Katie shares her journey merging tech with linguistics. 🛠️ Discover her pioneering NLP work on insider threats and get practical tips on becoming an API security expert. 🤖 Learn about the role of AI in securing APIs, detecting insider cyber threats, and the importance of resonant content creation. Whether you’re interested in freelance ethical hacking, technical marketing, or leveling up your cybersecurity skills, this episode is packed with insights! 🎧 Tune in here: https://bit.ly/4dZausC
-
Our Halloween Podcast Series Continues with Richard Bird! 🕸️ In another episode this week, The Haunted Web: Navigating API Sprawl and Creepy Crawlers, Traceable’s Chief Security Officer, Richard Bird, explores the spooky side of API security. 😱 As organizations grow, so does the complexity of their APIs. This API sprawl creates a tangled web where “creepy crawlers” (unmanaged and undocumented APIs) lurk, posing serious security risks. Richard discusses: 🕵️‍♂️ The different types of “unknown APIs”: shadow, rogue, zombie, and more ⚠️ Why these APIs often go unnoticed and the threats they introduce 🎯 Why attackers target these vulnerabilities, plus real examples of exploitation 🔍 Strategies for uncovering hidden APIs and securing a sprawling ecosystem Tune in to the full episode 🎙️ https://lnkd.in/ggrDWywY
-
Trend Micro’s latest report reveals how attackers are abusing exposed Docker APIs to deploy the ‘perfctl’ malware, granting them access to host systems through container escapes. These vulnerabilities allow hackers to persistently run malicious processes and maintain access, even after system reboots. Katie Paxton-Fear, API researcher at Traceable, emphasizes the importance of securing Docker’s remote management API: 💬 “While remote access APIs can make management a breeze, you should really think twice before enabling it by default. If you are not 100% sure you need this feature, the safest thing to do is disable it. In this case, the researchers were able to pivot from a single Docker container to the host via a container escape, but if the management API is simply disabled when not in use, the vulnerability is completely avoidable.” Katie further advises organizations that do require the API to implement strong authentication and monitoring: 💬 “If you do need the remote management API, ensure that you use strong authentication and authorization. Also, have logging and monitoring in place for Docker exec so you are aware when new containers are created and used.” Get the full story here: https://lnkd.in/gurheqFh
Exploitation of Docker remote API servers has reached a “critical level”
itpro.com
-
As Cybersecurity Awareness Month continues and Halloween creeps closer, it’s the perfect time to unearth the hidden dangers lurking in your API ecosystem. 🏚️ Introducing our new podcast series, The Haunted House of APIs, where Traceable's Jayesh Ahire guides you through the chilling realities of API vulnerabilities and the critical strategies to protect your systems. In this episode, he stirs up the “Witch’s Brew” of API threats, including the notorious OWASP Top 10 for APIs. Jayesh discusses: 🧙‍♂️ The most common API vulnerabilities and why they pose serious risks ⚙️ How proactive API security testing can help detect these threats before they escalate 🛡️ Expert tips for creating a strong API testing framework to safeguard your digital environment 🔗 Listen now and gain the insights you need to turn your API house from haunted to secure! https://bit.ly/3NA0sTI
The Witch’s Brew: Stirring Up OWASP Vulnerabilities and API Testing
https://codestory.co
-
The demo is right around the corner—join us on October 31st for a 30-minute technical session where a Traceable engineer will reveal the hidden dangers of shadow APIs. 🧙‍♂️ What’s in store: 🔍 Uncover shadow APIs lurking in your infrastructure 🛡️ Explore Traceable’s API security platform 🎯 No tricks, just real insights — no sales pitch, promise! 🎃 Secure your spot today and learn how to protect your APIs from lurking threats this Halloween! https://bit.ly/4g7wKTj
-
PCI DSS 4.0 is here, and it's essential for businesses to stay compliant to protect sensitive payment data. In her latest article, Katie Paxton-Fear, API Security Researcher at Traceable, simplifies what you need to know. Here are the key takeaways: 🛡️ Network security – Clear policies, restricted access, and regular updates are critical. 🔐 Protect account data – Minimize storage, encrypt data, and limit access. 📉 Vulnerability management – Scan for vulnerabilities, update software, and remediate quickly. 🔒 Access control – Limit access to payment data by default and secure both digital and physical systems. 🖥️ Monitor and test – Regular audits and tests keep your systems secure. 📝 Information security policy – Ensure constant compliance and maintain strong, documented policies. 👇 Get the latest here: https://bit.ly/4fcRcRr
PCI DSS 4.0 Simplified: What You Need to Know
globalbankingandfinance.com
-
Traceable reposted this
Interested in learning more about API security in a live class? Join us for the Traceable API Security Masterclass, a free interactive webinar-based class. In episode 1 we cover the basics, what are APIs, the different types of APIs, and answer the question, why are they so vulnerable anyway??