owasp-api1

OWASP API Security Top 10 – Broken Object Level Authorization

Broken Object Level Authorization (BOLA) is the topmost item in the OWASP Top 10 API Security threats because of its ease of exploitation, its potential for impact, and the difficulty of defending against this threat in an organized way.    …


How a Trusted Client Hides API Vulnerability?

A Case for Service Side Monitoring/Testing. A critical vulnerability in the Apple “Sign Me In” feature was reported last week (Reference) that would allow a bad actor to first log in through the Apple Client using their own credentials, then abuse the same login session to request a JSON Web …


What Went Down At USPS Data Breach? Only CloudVector Could Have Prevented

A Data Exposure flaw at the United States Postal Service (USPS) website was disclosed last week by Brian Krebs of KrebsOnSecurity. The flaw was identified in the APIs exposed by a web component on the USPS website and potentially exposed data from 60 million users. …


A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security

Confucius taught us more than 2000 years ago: “Listen to his claims, but watch his actions.” Things are not what they claim to be. Such words of wisdom speak volumes in light of the most …
