Month: June 2020

APIs – Underpinning Modern Technologies to Popular Data Breaches

APIs – Underpinning Modern Technologies to Popular Data Breaches In today’s world software is an essential piece driving digital transformation and also business value for every enterprise. Microsoft CEO Satya Nadella not long ago said, “every company is a software company, every company is a digital organization”. At the crux of this transformation is the …

APIs – Underpinning Modern Technologies to Popular Data Breaches Read More »

OWASP API Security Top 10 – Broken Object Level Authorization

OWASP API Security Top 10 – Broken Object Level Authorization Broken Object Level Authorization (BOLA) is the top most in the list of OWASP Top 10 API Security threats because of its ease of exploitation combined with its potential for impact as well as the difficulty to defend this threat in an organized way.    …

OWASP API Security Top 10 – Broken Object Level Authorization Read More »

How a Trusted Client Hides API Vulnerability?

How a Trusted Client Hides API Vulnerability? A Case for Service Side Monitoring/Testing A critical vulnerability in Apple “Sign Me In” feature was reported last week (Reference) that would allow a bad actor to first login through the Apple Client using their own credentials, then abuse the same login session to request a JSON Web …

How a Trusted Client Hides API Vulnerability? Read More »