{"id":78708,"date":"2022-08-24T09:23:14","date_gmt":"2022-08-24T13:23:14","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=78708"},"modified":"2024-08-14T10:23:52","modified_gmt":"2024-08-14T10:23:52","slug":"api-security-is-the-new-endpoint-security-2","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/","title":{"rendered":"API Security Is the New Endpoint Security"},"content":{"rendered":"\n<p>Endpoint security remains a constant challenge for organizations 25 to 30 years later. Even in the 90s when things were much simpler, understanding what was attached to a corporate network was a seemingly insurmountable task\u2014and that was with good port security. Today, not only do organizations manage, maintain, and secure the devices they issue but also, so much business is conducted on personal devices operating within a network that is under constant change. Factor SaaS and cloud services into the mix, and it gets even more daunting. It\u2019s no wonder that endpoint security and data protection remain a constant battle for most organizations today.&nbsp;<\/p>\n\n\n\n<p>Understanding inventory and what should or should not be part of the corporate ecosystem, control over those endpoints, incident response, policy, compliance, malware \u2026 The list of challenges is at best constant, at worst, ever-growing. It\u2019s not a new problem but one that remains difficult to solve. It seems that infrastructure and security teams are relegated to robust reactive measures (e.g., incident response) when proactive measures are undermined by careless or thoughtless users.&nbsp;&nbsp;<\/p>\n\n\n\n<p>There is a certain level of irony in the fact that APIs (application programming interfaces) are often referred to as endpoints as well. Architecturally, APIs are designed to make software more extensible and offer flexibility to unique and custom use cases. Each API is defined as a contract, which accepts certain input and provides certain output. Most modern software leverages private APIs to proffer out-of-the-box functionality as well as public APIs, which users of the software may interact with to extend functionality or cater to their own specific use case.&nbsp;<\/p>\n\n\n\n<p>Much like physical (or virtual) machines on a network, APIs represent a significant viable attack surface area for would-be attackers. What\u2019s more, command and control over APIs, how they\u2019re built, what security mechanisms they employ, the data they expose, and how and when they are released or sunset is an increasingly challenging problem that organizations are forced to deal with.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Security teams often aren\u2019t advanced enough to look into what developers are deploying; documentation of APIs is often lacking; version control is often missing; and as a result, the underbelly of deployed applications is (unintentionally) exposed. Some security reports suggest that 40 to 50 percent of organizations have experienced an API breach in the last year, and research also suggests that an overwhelming volume of API traffic is malicious. Well-known companies like Peloton, LinkedIn, Experian, and John Deere have all dealt with the fallout of <a href=\"https:\/\/checkmarx.com\/product\/api-security\/\">API security<\/a> challenges.&nbsp;<\/p>\n\n\n\n<p>For the developer audience that may be interested in common weaknesses of APIs and how they\u2019re built insecurely, consider reviewing the OWASP API Security Project. For the security architects and risk managers, there are a couple of obvious first steps to gain ground on the API challenge.\u00a0<\/p>\n\n\n\n<p>First, you cannot protect, regulate, or inspect what you don\u2019t know about. Discovery, much like infrastructure endpoint security, is a very critical first step. Second, once you know what\u2019s out there, you need to gain an understanding of what type of data may be exposed by these APIs. APIs that expose sensitive data should be known, documented, and properly secured. Lastly, find out what exploitable weaknesses or vulnerabilities may be lurking in the implementation of that API (see <a href=\"https:\/\/owasp.org\/www-project-api-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">OWASP API Security Project<\/a>).&nbsp;<\/p>\n\n\n\n<p>Seems easy, right?&nbsp;<\/p>\n\n\n\n<p>Most security tooling for API security lives in runtime space. This means these tools can examine, in real-time, API calls and the data that these APIs are delivering. But in many cases, this is too late. These tools support a reactionary model that relies on stopping malicious actors just in time, if at all, and they are less capable of detecting data sensitivity concerns or vulnerabilities in the implementation of an API.&nbsp;<\/p>\n\n\n\n<p>A better way to do API security is to <em>shift left<\/em> and look at the code developers are writing. With this approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository. All this can be done well before any APIs are deployed in a production environment. The opportunity to trap security issues well before they are a legitimate risk, and when they\u2019re cheaper to fix, is significant and a game-changer in the API-security space.&nbsp;<\/p>\n\n\n\n<p>API security tooling isn\u2019t new, but it\u2019s never been done the Checkmarx way. To learn more, check out <a href=\"https:\/\/checkmarx.com\/product\/api-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Checkmarx<\/a><a href=\"https:\/\/checkmarx.com\/product\/api-security\/\"> API Security<\/a>.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Endpoint security remains a constant challenge for organizations 25 to 30 years later. Even in the 90s when things were much simpler, understanding what was attached to a corporate network was a seemingly insurmountable task\u2014and that was with good port security. Today, not only do organizations manage, maintain, and secure the devices they issue but [&hellip;]<\/p>\n","protected":false},"author":67,"featured_media":79335,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[218,87,189,395,406,397,190,403,228],"class_list":["post-78708","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-api-security","tag-appsec","tag-article","tag-awareness","tag-checkmarx-application-security-platform","tag-developer","tag-english","tag-leadership","tag-owasp-top-10-api"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>API Security Is the New Endpoint Security<\/title>\n<meta name=\"description\" content=\"Much the same way as endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u0093Shift Left\u0094 approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"API Security Is the New Endpoint Security\" \/>\n<meta property=\"og:description\" content=\"Much in the same way that organizations faced 25-30 years ago around endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u201cShift Left\u201d approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-24T13:23:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-14T10:23:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chris Merritt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"API Security Is the New Endpoint Security\" \/>\n<meta name=\"twitter:description\" content=\"Much in the same way that organizations faced 25-30 years ago around endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u201cShift Left\u201d approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chris Merritt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\"},\"author\":{\"name\":\"Chris Merritt\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/244db2759c174bdd8dcaa0a71de3bed2\"},\"headline\":\"API Security Is the New Endpoint Security\",\"datePublished\":\"2022-08-24T13:23:14+00:00\",\"dateModified\":\"2024-08-14T10:23:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\"},\"wordCount\":752,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg\",\"keywords\":[\"API Security\",\"AppSec\",\"Article\",\"Awareness\",\"Checkmarx Application Security Platform\",\"Developer\",\"English\",\"Leadership\",\"OWASP Top 10 API\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\",\"name\":\"API Security Is the New Endpoint Security\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg\",\"datePublished\":\"2022-08-24T13:23:14+00:00\",\"dateModified\":\"2024-08-14T10:23:52+00:00\",\"description\":\"Much the same way as endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u0093Shift Left\u0094 approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg\",\"width\":1600,\"height\":800},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/244db2759c174bdd8dcaa0a71de3bed2\",\"name\":\"Chris Merritt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_67.jpeg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_67.jpeg\",\"caption\":\"Chris Merritt\"},\"url\":\"https:\/\/checkmarx.com\/author\/chrismerritt\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"API Security Is the New Endpoint Security","description":"Much the same way as endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u0093Shift Left\u0094 approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/","og_locale":"en_US","og_type":"article","og_title":"API Security Is the New Endpoint Security","og_description":"Much in the same way that organizations faced 25-30 years ago around endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u201cShift Left\u201d approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.","og_url":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2022-08-24T13:23:14+00:00","article_modified_time":"2024-08-14T10:23:52+00:00","og_image":[{"width":1600,"height":800,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg","type":"image\/jpeg"}],"author":"Chris Merritt","twitter_card":"summary_large_image","twitter_title":"API Security Is the New Endpoint Security","twitter_description":"Much in the same way that organizations faced 25-30 years ago around endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u201cShift Left\u201d approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.","twitter_image":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Chris Merritt","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/"},"author":{"name":"Chris Merritt","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/244db2759c174bdd8dcaa0a71de3bed2"},"headline":"API Security Is the New Endpoint Security","datePublished":"2022-08-24T13:23:14+00:00","dateModified":"2024-08-14T10:23:52+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/"},"wordCount":752,"commentCount":0,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg","keywords":["API Security","AppSec","Article","Awareness","Checkmarx Application Security Platform","Developer","English","Leadership","OWASP Top 10 API"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/","url":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/","name":"API Security Is the New Endpoint Security","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg","datePublished":"2022-08-24T13:23:14+00:00","dateModified":"2024-08-14T10:23:52+00:00","description":"Much the same way as endpoint security, APIs present yet another attack vector with which security teams need to be concerned. With a \u0093Shift Left\u0094 approach, discovery, data sensitivity issues, and exploitable vulnerabilities in API code can be identified simply by interrogating code stored in a repository, and all this can be done well before any APIs are deployed in a production environment.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/api-security-is-the-new-endpoint-security-2\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_API.jpg","width":1600,"height":800},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/244db2759c174bdd8dcaa0a71de3bed2","name":"Chris Merritt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_67.jpeg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_67.jpeg","caption":"Chris Merritt"},"url":"https:\/\/checkmarx.com\/author\/chrismerritt\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/78708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/67"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=78708"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/78708\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/79335"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=78708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=78708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=78708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}