APIsecurity.io

Messages

8/19/2021
14 : 14

Issue 147: Vulnerabilities in SEOPress plugin and Steam portal, results from an application security survey

Hi, this week, we have the recent API vulnerabilities in SEOPress plugin and Steam portal, and results from an application security survey. APIsecurity.io The Latest API Security News, Vulnerabilities
8/13/2021
15 : 8

Issue 146: Facebook API leaking private group membership, JWT Attacker plugin for Burp

Hi, this week we have as usual recent API vulnerabilities, tools, opinions, and a note about the upcoming transition of this newsletter.
8/5/2021
14 : 14

Issue 145: APIs and electric car charging stations, The Nuts and Bolts of OAuth 2.0 🔩

Hi, today we look at the recent EV charging station API vulnerabilities, an OAuth 2.0 course on Udemy, Gartner API Hype Cycle, and API path tra
7/29/2021
14 : 4

Issue 144: JustDial API vulnerability re-emerges, API key checker, the state of OAuth

Hi, this week we have great videos on OAuth roadmap and GraphQL attacks and defenses. There's also an API key validator script and a story of
7/22/2021
14 : 14

Issue 143: GraphQL API leaking credit cards, SQLi in JWT, XML attacks mind map 🗺️

Hi, today we have a case study of an API leaking credit card numbers, a lab on SQL injections in JWT, an API Security CTF, and a mind map of
7/16/2021
9 : 7

Issue 142: API vulnerabilities in Coursera and Huawei, GraphQL rate limiting and discovery 🔎

Hi, this week we look at the recent vulnerabilities in Coursera & Huawei, and discuss rate-limiting best practices for GraphQL as well as new
7/10/2021
6 : 2

Issue 141: API vulnerabilities in VeryFitPro and Gettr, AWS Lambda authorizers, AsyncAPI 2.1 🏅

Hi, today we have a few recent API vulnerability case studies, research on possible implementation flaws in AWS Lambda Authorizers, and the
7/1/2021
13 : 14

Issue 140: API vulnerabilities at LazyPay, Western Digital, and LinkedIn; IDOR mindmap 🗺️

Hi, today we look at LinkedIn data getting scraped and WD NAS devices wiped, the recent LazyPay API flaw and an IDOR/BOLA pentesting mindmap
6/24/2021
0 : 4

Issue 139: API vulnerabilities at Apple, Amazon, and 1Sambayan, upcoming Gartner webinar

Hi, this week we look at the details of 3 recently reported API vulnerabilities and an upcoming free webinar from Gartner
6/17/2021
1 : 4

Issue 138: Vulnerabilities in Microsoft Teams and Instagram

Hi, this week in our newsletter we look at a couple of recent vulnerability reports, awesome-apisecurity repo, and upcoming DevSecCon24.
6/10/2021
3 : 44

Issue 137: Vulnerabilities in VMware vCenter and Apache Pulsar, GraphQL and CSRF attacks

Hi, today we look at a couple of recent API vulnerabilities, API Security in Postman, CSRF and GraphQL, my upcoming live Q&A, and a buyer's
6/3/2021
3 : 34

Issue 136: OAuth 2.0 security checklist and pentesting ✔️

Hi, today we look at a recent API breach, a couple of pentesting case studies, and OAuth 2.0 security checklist and pentesting
5/27/2021
3 : 44

Issue 135: Millions stolen from cryptoexchanges through APIs 💱

Hi, today we look at the recent Rocket.Chat API vulnerability, cybercriminals exploiting cryptoexchange API keys, effect of Let's Encrypt root
5/20/2021
16 : 14

Issue 134: API vulnerabilities at Echelon, Instagram, Facebook Workspace

Hi, today we look into details of 3 recent API vulnerability reports and have an RSAC interview with Forrester's Sandy Carielli
5/14/2021
3 : 10

Issue 133: Vulnerable Peloton APIs, API contract generation for .NET 💻

Hi, this week we look at Peloton and India's CoWIN, OpenAPI contracts based on .NET annotations, API Security sessions at RSAC AppSec Village
5/6/2021
16 : 14

Issue 132: Experian API leak, breaches at DigitalOcean and Geico, Burp plugins, vAPI lab

Hi, this week we look at new API tools & recent Experian, DigitalOcean, Geico, Facebook
4/29/2021
16 : 14

Issue 131: API vulnerabilities at John Deere, Springfox, JWT lab, AutoGraphQL 🔎

Hi, this week, we look at the recent API vulnerability in farming machinery and a few
4/22/2021
16 : 14

Issue 130: GitHub’s new token format, MindAPI, Kiterunner

Hi, this week we look at API token best practices, and tools for API recon & pentesting
4/19/2021
15 : 44

Issue 129: Facebook and Clubhouse profiles scraped through APIs, Forrester’s “State of Application Security, 2021”📑

Hi, today we look at the huge API data leaks at Facebook and Clubhouse, Forrester's
4/8/2021
16 : 14

Issue 128: API flaws at VMware and GitLab, URL parameters and SSRF, webinar on recent breaches 🎬

Hi, this week we look at a couple of recent API flaws, the dangers of URL parameters &