APIsecurity.io

Messages

4/1/2021
16 : 14

Issue 127: Hidden OAuth attack vectors, Methodology for BOLA/IDOR 🗝️

Hi, this week we look at how a login API got breached for an code execution APIsecurity.io The Latest API Security News, Vulnerabilities and Best Practices Issue: #127 Hidden OAuth attack vectors,
3/25/2021
16 : 14

Issue 126: F5 iControl REST API under attack, Regexploit, Ford’s API security talk recording 🚗

Hi, today we look at a couple of recent API vulnerabilities, a new regex analysis tool
3/18/2021
16 : 14

Issue 125: iPhone call recorder API flaw, Burp and OpenAPI, GraphQL pentesting, FAPI 💱

Hi, today we look at the just released FAPI 1.0, GraphQL pentesting, OpenAPI in Burp,
3/13/2021
10 : 15

Issue 124: API vulnerabilities at Microsoft and Truecaller Guardians, Pentester labs, API security at Ford Motors 🚗

Hi, this week we look at the recent brute-force attack on Microsoft's password reset,
3/4/2021
17 : 14

Issue 123: API vulnerabilities VMWare vCenter and Facebook, mismatch between JSON parsers, API security fixes in VS Code

Hi, this week we look at how URL caching and JSON parsing can bite you, and check out
2/25/2021
15 : 4

Issue 122: API issues at Clubhouse 👋 and healthcare apps, scope-based recon, OAS v3.1.0

Hi, this week we look at API vulnerabilities in Clubhouse and mHealth apps, recon & OAS
2/18/2021
15 : 14

Issue 121: Vulnerability at chess.com, GraphQL security playground and checklist 📝

Hi, today we look at the recent chess.com API flaw and useful security resources for
2/13/2021
5 : 6

Issue 120: Video doorbells security flaws, intro to JWT attacks, security zines

Hi, this week (besides security flaws) we have tutorials on JWT, AuthZ & AuthN, K8S
2/4/2021
2 : 4

Issue 119: NoxPlayer supply-chain attack through a hacked API 📲

Hi, today we look at NoxPlayer API attack, Radware state of web sec report, Azure API m
1/28/2021
2 : 4

Issue 118: Spring Framework ALPS, OAuth 2.0 attack mindmap, securing JWTs 📜

Hi, today we look at potential API exposure via Spring ALPS, OAuth 2.0 attacks, JWT and
1/15/2021
2 : 27

Issue 116: Facebook and Parler API vulnerabilities, clairvoyance 🔭

Hi, this week we look at a recent Facebook vulnerability, Parler breach, GraphQL recon
1/7/2021
2 : 4

Issue 115: Vulnerabilities in SolarWinds, Ledger, Outlook, new plugin for JetBrains IDEs 🛠️

Hi, today we look at the API aspects of SolarWinds and Ledger breaches, Outlook JWT...
12/17/2020
8 : 14

Issue 114: SolarWinds and PickPoint breaches, GitHub Code Scanning review, GraphQL security 〽️

Hi, this week we look at the API security aspects of two recent breaches, shift-left
12/10/2020
3 : 34

Issue 113: API vulnerabilities at YouTube and 1Password, OIDC security, Assetnote Wordlists

Hi, today we look at OIDC security, wordlists for reconnaissance, and 2 recent API flaws
12/4/2020
4 : 4

Issue 111: API vulnerabilities in AWS, Tesla Backup Gateway, Twitter 🦃

Hi, today we look at 3 recent API vulnerability reports and have passes to another conf
12/4/2020
3 : 8

Issue 112: Vulnerability in Paginator, Microsoft RESTLer, talks on API authentication and JWT security 🗝️

Hi, today we look at a recent injection vulnerability, another API fuzzer, and 2 talks
11/19/2020
0 : 4

Issue 110: API flaws in Bumble and COVID-KAYA, Forrester on API security, ASC 2020 talks 🖥️

Hi, today we look at two recent API vulnerabilities, 2 session recordings, a webinar &
11/13/2020
6 : 46

Issue 109: API token best practices, Dredd, IDOR hunting tips 🔬

Hi, this week we look at an API vulnerability leaking US voter data, API key best practices
11/5/2020
8 : 14

Issue 108: API vulnerabilities in Thrillophilia and GitLab ✉️

Hi, today we look at a couple recent API flaws, new OpenID Connect course, recent tool
10/29/2020
8 : 14

Issue 107: Vulnerabilities in Waze, AWS, and NHS COVID-19 app, Forrester App Sec Tech Tide 🌊

Hi, today we look into details of 3 recent API flaws, plus Forrester names API Security