Be careful when you’re using a library that parses your GraphQL queries.

You might be vulnerable to attacks! 2. The Query vs. the Operation. Why? In REST, we have two concepts: Resources and Operations on those resources (e.g. GET /users). In GraphQL, we only have one con ...

I’m not saying that you have to be a jerk.

I'm just saying that if you want to get good at something, it's probably worth being a little bit of an asshole for a while. The other thing is this: the people who are most successful at getting what ...

APIs are a huge attack surface, and they’re often overlooked during security assessments.

Corey Ball: “You can design an API you think is ultra-secure, but if you don’t test it, then a cybercriminal somewhere is going to do it for you. You need to be able to scan your APIs - and this mea ...

I am a big fan of this book.

I think it is an excellent resource for anyone who wants to learn more about the history of science and how we know what we know. It’s not just about physics, but also chemistry, biology, geology, as ...

If you pick a random GraphQL framework and run it with default settings in production, disaster is waiting to happen.

2. The GraphQL Schema. The schema defines the structure of your API, including all possible queries and mutations that can be executed against it. It's also used by the client-side library to generat ...

SoundCloud’s API was vulnerable to DoS attacks.

On the other hand, SoundCloud's API had no rate-limiting mechanism for some endpoints such as /me/following and /me/followers. This means that an attacker could have followed or unfollowed any number ...

I’m a software engineer with experience in both front-end and back-end development.

I have worked on several projects, including an online game (with over 100k users), a social network for gamers, and various other web applications. I am currently working as the lead developer at The ...

The Mayhem for Code and Mayhem for API products are now available.

Mayhem is an automated security testing solution that finds vulnerabilities in code, APIs, and microservices. It's the first product to combine fuzzing with random testing to find bugs that other tool ...
