GraphQL API security risks every developer should know about
GraphQL API security is a set of specialized practices and controls for protecting GraphQL endpoints.
Understand how organizations protect the APIs powering cloud-native apps. These articles cover common threats, auth patterns, and the hands-on tactics teams use to keep data moving safely across distributed systems.
See how Wiz turns cloud security fundamentals into real-world results.
Unmanaged APIs are undocumented interfaces that operate outside standardized security and governance frameworks.
API security posture management, or API-SPM, is a security discipline that focuses on maintaining and proactively improving the security health of enterprise APIs.
API penetration testing is a security assessment method that simulates real-world attacks on an application programming interface, or API.
Discover top OSS API security testing tools. See how Wiz’s Dynamic Scanner delivers complete visibility, runtime protection, and contextual risk analysis.
API scanning is the automated process of analyzing APIs to detect security vulnerabilities, misconfigurations, and logic flaws.
11 essential API security best practices that every organization should start with
API security encompasses the strategies, procedures, and solutions employed to defend APIs against threats, vulnerabilities, and unauthorized intrusion.
API security risks are the complete spectrum of threats targeting application programming interfaces (APIs), including technical vulnerabilities, misconfigurations, and business logic flaws.
API attack surface management is focused on discovering, inventorying, analyzing, and continuously monitoring all APIs within an organization’s cloud environment. This enables identification and mitigation of points of exposure that could lead to a breach.
Effective shadow API security requires continuous discovery, runtime context, and code-to-cloud visibility to identify unsanctioned APIs before they’re exploited by attackers.
API drift occurs when APIs in production diverge from their documented specifications.
API abuse is the intentional misuse of API functionality in order to bypass security controls, extract unauthorized data, or disrupt services.
API discovery is the process of finding, mapping, and cataloging every single API across your entire digital estate, including your public-facing cloud accounts and your on-premises data centers.
Broken API authentication is an API security risk that occurs when an API doesn’t properly check and confirm who’s making a certain request.
The OWASP API Security Project offers software developers and cloud security practitioners guidance on preventing, identifying, and remediating the most critical security risks facing application programming interfaces (APIs).
Zombie APIs are API endpoints that remain operational despite lacking ongoing maintenance or official support.
An API checklist serves as a framework to help your security team systematically detect and tackle threats and vulnerabilities throughout the API lifecycle. Its end goal? To strengthen your overall security posture by standardizing API security efforts.
API attacks are attempts to exploit weaknesses in application programming interfaces – the connectors that let software systems communicate and exchange data.
Application programming interfaces (APIs) enable communication between services, applications, and data systems—powering everything from mobile apps to large-scale enterprise platforms.
An API catalog is the best way to protect your organization from API risks: It surfaces hidden routes, weak auth, and sensitive data, anchoring effective security.
API governance refers to the policies, standards, and processes that guide how APIs are built, managed, and secured.
In this article, we’ll break down what capabilities a strong API security tool needs to have and look at different categories of API security solutions, plus examples.
REST API security is the combination of technologies and practices used to safeguard RESTful endpoints from attacks, such as unauthorized access, exploitation, and abuse.