Cloud Infra Security | Cybersecurity | CyberGirl | Azure specialist

Joined March 2020
Maryb retweeted
400 applications, 36 countries, 180 selected. After 14 weeks of learning, hacking, building, presenting projects, and live challenges, we’re celebrating the first graduates of the HackingAPIswithDami API Security Series. 🎓 The future of API & AI security is in good hands.
Just completed the 14-week @HackingAPIWDami program. We covered:
- REST API pen testing & OWASP API Top 10: Not just theory, actual hands-on labs exploiting the vulnerabilities that break real production APIs every day.
- Auth attacks: OAuth 2.0, JWT, and API keys.
- GraphQL: introspection abuse, IDOR, SSRF, BAC via __typename, secondary context attacks, directive injection, rate limit bypass, CSRF, WebSocket hijacking, & XSS.
- AI/LLM/MCP: prompt injection, model extraction, data poisoning, & the Model Context Protocol threat landscape.
- DevSecOps: shifting security left into CI/CD pipelines, automated scanning, and compliance for APIs.
I'm really grateful to HAWD for building a program this thorough. API security finally clicked for me here and that's not something I say lightly. #APISec @HackingAPIWDami
Last week, I went from Apprentice to cracking Practitioner-level GraphQL labs on @PortSwigger. I learned how hidden endpoints get exposed, how private fields leak sensitive data, and how aliases can crush brute force protections. @HackingAPIWDami
Last week, I did a penetration test on an intentionally vulnerable LLM app (AIGoat) and the results were really eye-opening! Prompt injection, data leakage, XSS via chatbot output, unauthorised refunds processed through conversation alone… the list goes on.
LLM security isn't a future problem. It's a RIGHT NOW problem. If your app has an AI chatbot and you haven't pen tested it? I think you should. We (myself and fellow group mates) asked the chatbot to process someone else's refund. It did. No questions asked. 😬
AI is powerful but without proper security controls, it's a wide open door beckoning attackers. Huge learning experience for me. @HackingAPIWDami
I've just completed the LLM & NLP Security course on APISec University. Artificial intelligence is reshaping how we build applications, but it's also reshaping how attackers exploit them. This course tackled one of the most timely and critical intersections in tech today.
- Error Handling: Never leak details attackers can use
- Rate Limiting: Cap abuse before it scales
- API Gateways: Your first and strongest line of defense
- Monitoring: You can't secure what you can't see
AI amplifies your API's power. It also amplifies the risk. Security has to keep up. #API #APISec @HackingAPIWDami
Excited to share that I've just completed the 12-hour API Penetration Testing course on APISec University! 🎉 APIs are the backbone of modern applications, and yet they remain one of the most overlooked attack surfaces in security today.
What stood out most was the practical sessions and emphasis on thinking like an attacker. Security isn't just about building walls, it's about understanding how those walls can be torn down, so you can build them stronger.
If you work in development, DevOps, or security and haven't thought deeply about API security, now is the time. APIs are everywhere, and so are the vulnerabilities hiding inside them. #API @HackingAPIWDami
Good API documentation isn't just a nice-to-have. It's the difference between adoption and abandonment. I recently took a course on API documentation, and this reminded me of a time I got stuck during a project implementation.
- Clear, human-readable error messages with context on how to fix them
- A guide that doesn't assume the reader already knows your system
- A sandbox or interactive environment to test calls without setting up a full integration
- Updated documentation (always review them)
Finally, documentation is not a post-launch task. It's not something you hand off to a technical writer at the end of a sprint. It's a core part of your product, and it deserves the same attention, iteration, and care as the API itself. @HackingAPIWDami #API