I'm giving a paid workshop on the #OWASP #APISecurity Top Ten with AntiSyphon training on September 19th, with a ranging pay scale. Check it out here:
Administered by:
#apisecurity
5 posts4 participants0 posts today
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Top Ten Security Tips for APIs”
https://twp.ai/4ioX6N
twp.ai- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
The Rise of Agentic AI: A New Frontier for API Security – Source: securityboulevard.com https://ciso2ciso.com/the-rise-of-agentic-ai-a-new-frontier-for-api-security-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #ArtificialIntelligence #AIandMLinSecurity #AIenhancedattacks #CyberSecurityNews #SecurityAwareness #SecurityBoulevard #SocialFacebook #SocialLinkedIn #Cybersecurity #APIsecurity #agenticai #CISOSuite #SocialX #owasp #CISO
CISO2CISO.COM & CYBER SECURITY GROUP · The Rise of Agentic AI: A New Frontier for API Security – Source: securityboulevard.comSource: securityboulevard.com - Author: Randolph Barr
The shift to agentic AI isn’t just a technical challenge — it’s a leadership opportunity for CIS
Rethinking API Security: Confronting the Rise of Business Logic Attacks (BLAs) – Source: securityboulevard.com https://ciso2ciso.com/rethinking-api-security-confronting-the-rise-of-business-logic-attacks-blas-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #BusinessLogicAttack #CyberSecurityNews #SecurityBoulevard #threatdetection #SocialFacebook #SocialLinkedIn #Cybersecurity #APIsecurity #SocialX #traffic #BLAs
CISO2CISO.COM & CYBER SECURITY GROUP · Rethinking API Security: Confronting the Rise of Business Logic Attacks (BLAs) – Source: securityboulevard.comSource: securityboulevard.com - Author: Uri Dorot
BLAs exploit the intended behavior of an API, abusing workflows, bypassing controls and manipulating trans
API Use is Growing Fast, but Security is Lacking: Raidiam – Source: securityboulevard.com https://ciso2ciso.com/api-use-is-growing-fast-but-security-is-lacking-raidiam-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #sensitivedataprotection #ThreatIntelligence #CyberSecurityNews #SecurityBoulevard #Identity&Access #NetworkSecurity #MobileSecurity #SocialFacebook #SocialLinkedIn #CloudSecurity #Cybersecurity #datasecurity #SaltSecurity #APIsecurity #Spotlight
CISO2CISO.COM & CYBER SECURITY GROUP · API Use is Growing Fast, but Security is Lacking: Raidiam – Source: securityboulevard.comSource: securityboulevard.com - Author: Jeffrey Burt
A survey by UK company Raidiam found that even as the use of APIs continues to growth, most organizatio
CISOs urged to fix API risk before regulation forces their hand https://www.helpnetsecurity.com/2025/07/08/report-enterprise-api-security-risks/ #cybersecurity #APIsecurity #securityROI #compliance #monitoring #regulation #Raidiam #report #survey #News #CISO
Help Net Security · CISOs urged to fix API risk before regulation forces their hand - Help Net SecurityA report highlights critical enterprise API security risks, revealing vulnerabilities and gaps in authentication, monitoring, and governance.
We had a great time at #apidays #Munich last week! 
Grayloggers Ramon Marquez and Jürgen Venhorst pulled out all the stops to welcome conference goers and talk to them about what's new and exciting with #Graylog. 
Plus, Ramon had a chance to educate people about using runtime monitoring to detect and block low-volume attacks. 
Didn't catch Ramon or Jürgen at the event? You can reach out here: https://graylog.org/contact-us/ or DM them through LinkedIn. #API #APIs #APIsecurity
API Sprawl Can Trip Up Your Security, Big Time – Source: securityboulevard.com https://ciso2ciso.com/api-sprawl-can-trip-up-your-security-big-time-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityAwareness #SecurityBoulevard #SocialFacebook #SocialLinkedIn #Cybersecurity #APIsecurity #APIsprawl #Security #SocialX
CISO2CISO.COM & CYBER SECURITY GROUP · API Sprawl Can Trip Up Your Security, Big Time – Source: securityboulevard.comSource: securityboulevard.com - Author: Saqib Jan
The future of API security is not just about better firewalls — it is about smarter governance, automati
I'm giving a paid workshop on the #OWASP #APISecurity Top Ten with AntiSyphon training on September 19th, with a ranging pay scale. Check it out here:
Attention
The #GraylogGO #CFP deadline is TOMORROW—Friday, June 27th. Got questions about the GO CFP? We've got answers.
Q: Is this conference virtual, in-person, or both?
A: It's all virtual this year! So there's no travel or hotel costs involved.
Q: Are there different conference tracks?
A: Yes! There will be a Risk Management track and a Data Management track.
Q: I'd like to submit a speaking proposal but I'm not sure what to talk about. Do you have suggestions?
A: Yes! Take a look at this page for some great ideas and to submit your proposal. 
https://graylog.org/post/get-to-know-graylog-go/
What would you do if you discovered a #bug or #loophole that provided free lifetime service instead of the usual annual or monthly fees? I've been trying to reach out to the company for a year, sending emails and requesting contact with their #development or #security team, but I haven't received a response.
The #CEO is active on #X and #Meta, but I don't have accounts on those platforms but I can't contact him directly anyway since DMs are disabled. Any suggestions?
The service still works after a year of using it.
Join Tanya Janca on November 5 for a 1-day, hands-on training session at OWASP Global AppSec USA 2025 and learn how to design and harden APIs the right way.
Secure your training spot now: https://owasp.glueup.com/event/131624/register/
There are many ways to attack an #API, and most attackers share the same goal—to steal as much sensitive info as possible without being detected. 
In the worst case scenarios attackers use "low and slow" data exfiltrations to steal a few records at a time, over a long period of time. 
Join Graylog,'s Ramon Marquez at #apidays Munich on July 3rd at 12:05 pm local time for "Hunting Silent Raiders: Detecting and recovering from 'low and slow' data exfiltrations." 
Learn how to use runtime monitoring to detect and block low-volume attacks, before entire datasets are stolen. 
https://www.apidays.global/ #APIs #APIsecurity #cybersecurity #APIdaysmunich @apidaysglobal
Alright friends, it's Friday and you know what that means... you have THE WHOLE WEEKEND to work on your speaking proposal for #GraylogGO! The deadline to submit is June 27th, so you'll want to get on that—basically—now. 
There will be two tracks at this year's virtual conference which takes place Sept. 16th-17th: Risk Management and Data Management. We welcome proposals from Graylog #Security and Enterprise customers as well as Graylog open source users. You don’t need to be a professional speaker—just someone with a story to tell! 
Not sure what to talk about? Here are some ideas:
Customer success stories
Traditional or unique use cases
Upgrading from open source to Graylog Enterprise or Graylog Security
Migration to Graylog 6.1 or 6.2
Compliance and audit readiness using #Graylog Threat detection, hunting, and incident response
System scaling, performance tuning, and integration workflows
Lessons learned, tips and tricks, or internal enablement strategies
Learn more and submit your proposal here. https://graylog.org/post/get-to-know-graylog-go/ #SIEM #cybersecurity #APIsecurity
Thank you for a great AWS re:Inforce this week! We came, we saw, and Rich Murphy conquered—with his presentation on Taming the Alert Avalanche. 
It's been an epic conference season, and the festivities will continue with apidays Munich and #DEFCON33 coming up in July and August. 
See you there!
https://graylog.org/events/ #cybersecurity #infosec #SIEM #APIsecurity
#JWT: 'Attacking JWT using X509 Certificates': how an attacker could sign the JWT token with their own private key and modify the header value to specify their public key for signature verification:
#AppSec
#APIsecurity
https://trustedsec.com/blog/attacking-jwt-using-x509-certificates
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Top Ten Security Tips for APIs” https://twp.ai/4in9ou
twp.ai- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Identifying high-risk APIs across thousands of code repositories https://www.helpnetsecurity.com/2025/06/12/joni-klippert-stackhawk-apis-sensitive-data-detection/ #cybersecurity #APIsecurity #Don'tmiss #StackHawk #Features #Hotstuff #opinion #News #data
Help Net Security · Identifying high-risk APIs across thousands of code repositories - Help Net SecuritySensitive Data Detection helps security teams focus on the APIs that matter most by flagging where regulated data types are being handled
And... that's a wrap on #GartnerSEC! 
We had a fun and busy three days in National Harbor, MD. 
Special shout out to Steve Mosley from Bitdefender, who stopped by to connect and party at our booth. The #Graylog booth is ALWAYS where you want to be at the #cybersecurity shows. Trust us!
We had a great time at Infosecurity Europe last week! Thank you to everyone who stopped by to chat with us about all-things #Graylog, during the show. If you didn't catch us there, we'll be at more exciting industry events in the near future... including:
AWS re:Inforce API Days Munich DEFCON 33 it-sa Expo&Congress
More info on our whereabouts. https://graylog.org/events/ #cybersecurity #APIsecurity #SIEM #logmanagement