The API economy is exploding.

As more and more companies begin to expose their data via APIs, the security of these services becomes paramount. This white paper provides a comprehensive list of best practices for securing your API ...

I like the way it looks and feels.

I don't like how it sounds, but that's not a big deal for me. It has good build quality and is very comfortable to use https://t.co/yUt4IYjqmJ ...

The attacker is able to fake their own location, and then use the app’s API to determine the distance between themselves and other users.

This allows them to triangulate a user’s position with sufficient precision that they can be pinpointed on a map. This attack was possible because: Bumble did not validate the latitude/longitude va ...

I’m not sure what you’re asking.

The only way to know for sure is to run the test yourself. If you want, I can give you a copy of my code and let you see if it works for your data set (you'll need R) https://t.co/Mjew4NZkFu ...

The best way to get a good idea of what you’re getting into is to read the book

The best way to get a good idea of what you’re getting into is to read the book https://t.co/usLWKmwnbu ...

The best way to get a job at Google is to be the person who wrote the code that solves their biggest problem.

The second best way is to know someone who works there, or work for someone else they’re familiar with. The third best way is to have an awesome project you can show them, and the fourth best way is ...

The BatchQL tool is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations.

This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, however no tool to per ...

APIs are everywhere, and it’s impossible to know all of them.

You can’t rely on manual processes for visibility into your attack surface. Lack of understanding about the risk that APIs present? Even if you have a good handle on what APIs you have in your envi ...
