How are you improving API security testing?

Security & GRC Quality, Testing and Security

5.3k views2 Comments

Sort by:

CISOa year ago

Make sure assessment tools consume the Open API standard such that the tool can interact with the API and some level of coverage can be achieved. https://swagger.io/specification/

API testing is pretty much usless without knowledge of how the API works and how to communicate with it.

Consider API discovery across all Internet facing endpoints to help uncover unknown API's

Director of IT in IT Servicesa year ago

We're constantly refining our API security testing by leveraging the latest tools and techniques to stay ahead of potential vulnerabilities. I am not mentioning tool names and techniques as the tools and techniques are dependent on API and use cases, the tool/technologies we are using may/may not be best for your organisation.

Content you might like

The use of Generative AI in the textile and industrial sectors — for instance in fashion companies or in the creation of marketing content — carries significant risks if not supported by adequate detection and risk management tools. Generative models may unintentionally incorporate elements protected by intellectual property rights, such as registered styles, patented designs, or content belonging to other fashion houses.

A notable example is the “Studio Ghibli” case, where AI-generated works reproduced distinctive, protected features.

In this context, how should Risk Managers equip themselves to prevent and mitigate such risks, ensuring innovation while avoiding legal violations and reputational damage?

When it comes to digital forensics and incident response, are you mostly relying on internal or external resources to conduct forensics?

External54%

Internal45%

Not sure

View Results

Which of these certifications is important to you when hiring a software tester? Choose all that apply.

Certified Associate in Software Testing (CAST)29%

Certified Software Tester (CSTE)48%

ISTQB Foundation Level32%

ISTQB Agile Tester25%

Certification in a specific automation tool (i.e. Selenium, Ranorex)23%

Other certification5%

None8%

View Results

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

How are you improving API security testing?

Sort by:

Content you might like

When it comes to digital forensics and incident response, are you mostly relying on internal or external resources to conduct forensics?

Which of these certifications is important to you when hiring a software tester? Choose all that apply.

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go