The APIsec security testing platform discovers the most serious API vulnerabilities that lead to data theft and compromise.
Joined April 2020
- Tweets 143
- Following 7
- Followers 3,267
- Likes 47
69 Photos and videos
23 Oct 2024
APIs are critical for modern online services, but they can also be a gateway for cyberattacks.
Programs like customer loyalty rewards are prime targets, turning companies into "accidental banks" with valuable customer data.
More from Forbes here: ow.ly/Rwq250TQXWw
1
381
22 Oct 2024
OWASP Villain #7...
Loki!
Loki’s ability to deceive, manipulate, and gain access to restricted areas is a metaphor for how SSRF attacks abuse a server's trust and access levels, making him an apt representation of this vulnerability.
2
347
17 Oct 2024
OWASP Villain #6...
Lex Luthor!
Lex Luthor represents OWASP API Security Risk #6, Unrestricted Access to Sensitive Business Flows, by exploiting weaknesses and manipulating systems for his benefit.
1
208
15 Oct 2024
OWASP Villain #5...
Rogue from X-men!
Her ability to absorb others' powers, identities, and access to abilities that aren’t hers by default is similar to Broken Function Level Authorization, which allows an attacker to exploit insufficient access control.
#APIsecOWASPVillains
4
202
10 Oct 2024
OWASP Villain #4...
Galactus!
Just as Galactus devours entire planets without resistance, a lack of proper rate limiting allows an attacker to "consume" server resources without restriction, leading to system exhaustion or failure.
#APIsecOWASPVillains
1
139
8 Oct 2024
OWASP Villain #3...
The Riddler!
The Riddler's obsession with breaking into places through mental trickery mirrors brute force or password guessing attacks on weak authentication systems.
#APIsecOWASPVillains
5
173
4 Oct 2024
OWASP #2 alert! 🚨
A critical vulnerability (CVE-2024-45229) in Versa Networks' Versa Director, a platform for managing Secure SD-WAN and SASE solutions, allows attackers to exploit REST APIs that lack authentication.
Read more: ow.ly/mLHQ50TAjEB
1
3
381
3 Oct 2024
OWASP Villain #2...
Mystique
Mystique’s ability to impersonate others reflects the danger of poor authentication systems, where an attacker can gain unauthorized access by masquerading as a legitimate user.
3
152
2 Oct 2024
Miss APISEC|CON Money last week?
You can catch all the replays here: youtube.com/playlist?list=PL…
1
3
333
1 Oct 2024
OWASP Villain #1...
Marvel's Ultron 🤖
Ultron’s ability to bypass security controls and take over systems mirrors how attackers exploit broken authorization to escalate privileges or access unauthorized resources.
#APIsecOWASPVillains
1
3
534
13 Sep 2024
Happy Friday the 13th 👀
We'll be kicking off spooky season next month by sharing some of the scariest OWASP villains with you. Stay tuned! 👻
1
122
12 Sep 2024
Don't miss our monthly API Security workshop next week! Join Dan as he goes through API security fundamentals and best practices in a free one-hour session.
Register: my.demio.com/ref/Z17YDvanYBn…
2
130
20 Aug 2024
In the digital age, APIs are the backbone of business operations, driving everything from customer experiences to backend processes. However, as their adoption skyrockets, so does the potential for misuse and security breaches.
Read our recap here: apisecuniversity.com/blog/se…
1
2
449
31 Jul 2024
Curious about how a leading beauty retailer automated their API security? Dive into our latest case study to see how Sally Beauty leveraged APIsec to enhance their cybersecurity measures and streamline their processes.
apisec.ai/case-studies/sally…
2
5
537
9 Jul 2024
OWASP API #4: Unrestricted Resource Consumption
Hackers exploited an API to verify millions of Authy MFA phone numbers! 🚨
Read more: bleepingcomputer.com/news/se…
1
140
18 Jun 2024
Several critical mistakes can compromise the integrity and safety of your applications in API security testing. Dana Epp discusses the seven deadly sins of API security testing and how to avoid them.
Read our recap of his APISEC|CON session here: apisecuniversity.com/blog/7-…
1
160
11 Jun 2024
API authentication is a critical aspect of web security, ensuring that only authorized clients can access your API. There are various methods available for API authentication, each with its pros and cons.
Read more: apisecuniversity.com/blog/ex…
165
30 May 2024
Integrate APIsec Scan for CI/CD into your development pipeline for continuous, automated security testing. Easy setup via GitHub, no complex configurations needed. Plus, it's free!
apisecuniversity.com/api-too…
2
3
264
8 May 2024
🎓 APIsec University workshop with ISC2 North Bay
📅 June 27, 2024
⏰ 6:00 PST
Register: isc2-northbay-chapter.org/me…
194
16 Apr 2024
Shift left or shield right? 🤔
An overwhelming 77% of respondents preferred to shift left, recognizing the benefit of discovering vulnerabilities earlier than later, preferably before production.
Do you agree?
4
338