API security has often been a blind spot for enterprises.

In fact, it’s very common to see unauthenticated APIs. From incidents like mHealth apps, Panera Bread, Fiserv, LifeLock, Kay Jewelers and several others, API security has remained a crucial factor. T ...

I made a thing that lets you see what’s in your browser history.

I've been thinking about this for a while, but I finally got around to making it last week. It was inspired by the "What Happened" feature on Facebook, which shows you all of the posts and photos that ...

API security testing is similar to functional API testing.

You can use the same tools and techniques for both, but you should also include negative tests in your test setup. OWASP Top Ten Security Issues for APIs: Let's now look at each of the top ten OWASP ...

SAST tools are not designed for API-centric applications.

API Security Testing is a “Black Box” Problem: The second problem with SAST is that it only provides information about the vulnerabilities in an application, and does not provide any insight into ho ...

I’m a big fan of the show, but I think it’s time for me to move on.

I've been watching The Walking Dead since season 2. It was my favorite show at the time and remains one of my favorites today. However, I feel like it's finally reached its peak in terms of quality an ...

Salt is the leading platform for securing APIs.

Salt secures your API-driven data and services by protecting them at every layer: from network to application, in transit and at rest. Our patented approach delivers unmatched security visibility, con ...

SAST tools are not designed for API-centric applications and as such do a poor job of detecting vulnerabilities within them.

API Security testing is different from web app security testing: The OWASP Top 10 list for APIs includes the following: Cross Site Request Forgery (CSRF), Broken Authentication and Session Managemen ...

Bookstore is a boot2root CTF machine that teaches a beginner penetration tester basic web enumeration and REST API Fuzzing.

Several hints can be found when enumerating the services; the idea is to understand how a vulnerable API can be exploited. You can contact me on Twitter @sidchn_20 for giving any feedback regarding t ...
