How to add token generation code
How to add token generation code.Supports JWT, OAuth 2.0, Custom authentication service, etc. Step 1: Provide a curl for generating token e.g. curl -s -d '{"username":"admin", "password":"secret"}' -H "Content-Type: application/json" -H "Accept: application/json" -X POST https://ip/user/login Step 2: Provide Token …
Rest API an Its Significance to web service providers
Rest API an Its Significance to web service providers API (Application Programming Interface) is a system that regulates the resources of different services. It is designed to make a web designer’s life easy. Now, there are two kinds of APIs. …
API Security Testing – apisec™ is the only platform.
API Security Testing - apisec™ is the only platform APIs are the heart of the modern Web, Mobile, & Data integration architecture. As per OWASP,Top API vulnerabilities come from business-logic, role-configuration, and access-control flaws. Making web security, pen-testing, and WAF …
First American Financial 885M Data Vulnerability
Security Exploit Case Study #6 Note: This series aims to analyze and simplify breach and vulnerability reports that are usually cryptic and mostly written by legal. The simplified version hopes to educate and help security and engineering leadership avoid the …
How hackers acquired patient’s personal data from Healthline’s feedback system?
Security Breach Case Study #4 Note: This series simplifies and analyze breach/exploit details which are usually cryptic and legal led and to help other enterprises avoid the same mistake. Company: HealthEngine App: Feedback System Data Leaked: 59,000+ patient’s personally identifiable information. …
What made Citi’s hack much worse? How to avoid the same mistake?
Security Breach Case Study #3 Note: This series simplifies and analyze breach/exploit reports which are usually cryptic and legal led and to help other enterprises avoid the same mistake. Hackers were able to acquire over 350K customer’s personal data from …
How a common API flaw gave attackers access to Symantec’s customer certificates
How API Access-Control vulnerabilities are exploited Access-Control vulnerabilities are incredibly commonplace in today's APIs. They're not hard to fix, but they're hard to continuously validate and keep in check as the code base, and features grow. Hackers love these weaknesses …
Simplified Analysis of Outlook Hack
How did the Outlook email breach happen? According to Microsoft, one of its support agent's credentials were compromised, allowing individuals to gain unauthorized access to Microsoft email accounts. Initially, Microsoft said the breach might have allowed unauthorized parties to "access …
More than 5 billion records from 6,500 data breaches were exposed in 2018
More and more data breaches and GDPR violations are caused by API vulnerabilities. Continuous API security scanning can help mitigate these risks to avoid the enormously high fines associated with such violations.