May 2021

API Security? What’s Up?

Enterprise Breaches Through Compromised APIs Are Skyrocketing

API traffic comprises more than 80% of all HTTP traffic, and application breaches through compromised APIs are growing exponentially.

Do you know all the APIs you have? Do you understand which should be public vs. private? Do you know who should be using these APIs? Do you follow a standard policy/approach for authentication, validation, and tracking of who is actually using these APIs?

Here is our monthly curated list of thought-provoking books, blogs, podcasts, and articles discussing the current thinking and best practices around API Security:


7 Open Source API Security Tools

By Vyom Srivastava

As more organizations share their APIs, the opportunity to take advantage of security vulnerabilities has increased.  As a result, we are seeing more and more severe data breaches of enterprise applications.

Here are 7 open-source security testing utilities, open standards, and free identity management tools that can be used to build and test a zero-trust API architecture.



Don’t Ignore APIs 

By Security Weekly

This podcast offers a great introduction to the whole concept of API security and its importance.

It also covers public vs. private APIs and whether segregating the two should be the best practice. This is a great way to get a comprehensive perspective of the challenge ahead.



Securing APIs: 10 Best Practices for Keeping Your Data and Infrastructure Safe

By Debbie Walkowski

An API endpoint is like any Internet-facing web server: it faces the same potential threat from malicious actors.

Websites at least employ some type of access control, requiring authorized users to log in. APIs often provide weak access control. Here are 10 best practices to up your API security.



API Security In Action

By Neil Madden

Authentication and access control at an architectural level are critical, but they are not enough. Understanding what these concepts can and cannot protect is important when it comes to API security.

This book takes a comprehensive view of API security, reviewing the way things are and providing lots of pointers to modern, off-the-shelf solutions to common security problems.

MangoChango’s ability to deliver unquestionable value to its clients is highly dependent on keeping abreast of new technologies and trends. Our clients value this commitment to leading edge thinking and expertise.

MangoChango’s engineers are experts in a wide variety of technologies, frameworks, tools, and languages, with an emphasis on continuous learning as new thinking, tools, and techniques come to market.

Check here for more information and to explore our technology assessment and maturity framework.
