- Issue 146: Facebook API leaking private group membership, JWT Attacker plugin for Burp (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 145: APIs and electric car charging stations, The Nuts and Bolts of OAuth 2.0 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 144: JustDial API vulnerability re-emerges, API key checker, the state of OAuth (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 143: GraphQL API leaking credit cards, SQLi in JWT, XML attacks mind map (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 142: API vulnerabilities in Coursera and Huawei, GraphQL rate limiting and discovery (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 141: API vulnerabilities in VeryFitPro and Gettr, AWS Lambda authorizers, AsyncAPI 2.1 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 140: API vulnerabilities at LazyPay, Western Digital, and LinkedIn; IDOR mindmap (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 139: API vulnerabilities at Apple, Amazon, and 1Sambayan, upcoming Gartner webinar (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 138: Vulnerabilities in Microsoft Teams and Instagram (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 137: Vulnerabilities in VMware vCenter and Apache Pulsar, GraphQL and CSRF attacks (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 136: OAuth 2.0 security checklist and pentesting (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 135: Millions stolen from cryptoexchanges through APIs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 134: API vulnerabilities at Echelon, Instagram, Facebook Workspace (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 133: Vulnerable Peloton APIs, API contract generation for .NET (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 132: Experian API leak, breaches at DigitalOcean and Geico, Burp plugins, vAPI lab (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 131: API vulnerabilities at John Deere, Springfox, JWT lab, AutoGraphQL (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 130: GitHub’s new token format, MindAPI, Kiterunner (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 129: Facebook and Clubhouse profiles scraped through APIs, Forrester’s “State of Application Security, 2021” (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 128: API flaws at VMware and GitLab, URL parameters and SSRF, webinar on recent breaches (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 127: Hidden OAuth attack vectors, Methodology for BOLA/IDOR (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 126: F5 iControl REST API under attack, Regexploit, Ford’s API security talk recording (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 125: iPhone call recorder API flaw, Burp and OpenAPI, GraphQL pentesting, FAPI (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 124: API vulnerabilities at Microsoft and Truecaller Guardians, Pentester labs, API security at Ford Motors (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 123: API vulnerabilities VMWare vCenter and Facebook, mismatch between JSON parsers, API security fixes in VS Code (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 122: API issues at Clubhouse and healthcare apps, scope-based recon, OAS v3.1.0 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 121: Vulnerability at chess.com, GraphQL security playground and checklist (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 120: Video doorbells security flaws, intro to JWT attacks, security zines (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 119: NoxPlayer supply-chain attack through a hacked API (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 118: Spring Framework ALPS, OAuth 2.0 attack mindmap, securing JWTs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 117: Vulnerabilities in YouTube and Ring Neighbors app, OAuth Mix-Up attacks, Tamper Dev (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 116: Facebook and Parler API vulnerabilities, clairvoyance (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 115: Vulnerabilities in SolarWinds, Ledger, Outlook. New plugin for JetBrains IDEs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 114: SolarWinds and PickPoint breaches, GitHub Code Scanning review, GraphQL security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 113: API vulnerabilities at YouTube and 1Password, OIDC security, Assetnote Wordlists (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 112: Vulnerability in Paginator, Microsoft RESTLer, talks on API authentication and JWT security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 111: API vulnerabilities in AWS, Tesla Backup Gateway, Twitter (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 110: API flaws in Bumble and COVID-KAYA, Forrester on API security, ASC 2020 talks (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 109: API token best practices, Dredd, IDOR hunting tips (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 108: API vulnerabilities in Thrillophilia and GitLab (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 107: Vulnerabilities in Waze, AWS, and NHS COVID-19 app, Forrester App Sec Tech Tide (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 106: API flaws at GitLab and Grindr, APICheck, API World and apidays conferences next week (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 105: API vulnerabilities in HashiCorp, Azure App Services, and Qiui adult devices (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 104: API vulnerabilities at Twitter and Grandstream, mTLS in AWS API Gateway, Application Security Podcast (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 103: API vulnerabilities at Cisco, Shopify, BrandBQ, a security guide to CORS (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 102: Vulnerabilities in Facebook and campaign apps, creating defensible APIs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 101: Vulnerabilities in Giggle, Google Cloud Platform, SonicWall, New Relic, Tesla (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 100: API Security advice from top industry experts (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 99: API flaws in the Mercedes-Benz app and Russian inter-bank money transfer (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 98: APIs as the next frontier in cybercrime (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 97: Gym apps & home automation vulnerabilities, how to not leak API keys (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 96: Vulnerabilities at Cisco and MGM Grand Resort, tutorial on Chrome DevTools and pentesting with GraphQL (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 95: Vulnerabilities at Zoom and OkCupid, progress on OAuth 2.1, API Information Disclosure tutorial (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 94: Two-day API security training at Black Hat USA (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 93: API authentication flaw in Chingari, a guide to OAuth Authorization Code grant (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 92: APIs putting dementia patients at risk, OAuth simulators (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 91: Homograph OAuth bypass, common JWT mistakes, ReDos attacks (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 90: Twitter API data security incident, Google Analytics APIs used with skimmers (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 89: Starbucks API flaw exposes almost 100 million customer accounts (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 88: JWT pentesting, API discovery, the present and future of OpenAPI (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 87: Vulnerabilities in Digilocker, Facebook, VMware Cloud Director (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 86: Vulnerabilities in Sign in with Apple, Qatar’s COVID19 app, GitLab (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 85: Vulnerability in Google Cloud Deployment Manager, a pentester’s guide to OAuth (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 84: Unprotected APIs at Google Firebase, leaky Arkansas PUA portal (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 83: India’s COVID-19 tracing app, OAuth2 API attacks (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 82: Most common GraphQL vulnerabilities, pentesting with Insomnia (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 81: Vulnerabilities in Microsoft Teams, Auth0, smart home hubs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 80: API vulnerabilities IBM Data Risk Manager and Cisco Unified Computing System (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 79: 1.4 million doctor records scraped using API (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 78: Vulnerabilities in WordPress Rank Math, Tapplock, and TicTocTrack (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 77: Vulnerabilities in GitLab, OAuth 2.1 draft is out (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 76: 3rd-party API leaks 8 million shopping records (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 75: 98% of IoT traffic unencrypted, API DevSecOps in Azure Pipelines (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 74: Vulnerability in Login with Facebook, API security talks (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 73: Up to 75% credential abuse attacks target APIs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 72: Vulnerabilities in WordPress ThemeREX Addons and Voatz, Facebook postmortem, JWT talks, OpenAPI Specification 3.0.3 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 71: Vulnerabilities in SoundCloud and Lime e-scooters, NIST Microservices security strategies (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 70: Vulnerabilities in Twitter, Likud, Iowa caucus apps, two API security talks (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 69: Vulnerabilities in Azure Stack and Cisco TelePresence, API fuzzing (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 68: API security in Gartner Hype Cycle, McAfee threat predictions for 2020 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 67: RFC for OAuth 2.0 Token Exchange, JWT Webinar (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 66: Vulnerabilities in TikTok and InfiniteWP Client, AppSecCali 2020 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 65: Vulnerabilities at Siemens, Cisco, D-Link, OWASP API Security Top 10 2019 out (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 64: API Vulnerabilities in Plenty of Fish, SonyLIV, SharePoint, Facebook (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 63: Microsoft and Google dropping Basic Auth, Thinkrace exposing 47mln+ devices (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 62: Vulnerabilities in Amazon Ring Neighbors and Droom, WebSocket API security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 61: Exposed patient records, vulnerabilities at Airtel and Kaspersky (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 60: Microsoft Azure OAuth2 Vulnerability, 5G Threat Landscape, Webinars (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 59: Vulnerabilities in Fortinet, Truecaller, Nykaa Fashion, SMA M2 smartwatch (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 58: Broken Object Level Authorization explained, plus practical tips on API security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 57: Vulnerabilities at Facebook, Amazon Ring, and GitHub, OWASP API Security Top 10 Webinar (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 56: Common JWT Attacks, OWASP API Security Top 10 cheat sheet (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 55: Vulnerabilities in eIDAS and Cisco routers, Instagram API program locked down (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 54: API vulnerabilities in eRosary, Kubernetes, Harbor (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 53: Vulnerabilities in TwitterKit, JustDial, Voi e-scooters (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 52: NIST Zero Trust Architecture Guidelines (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 51: Gartner releases full report on API security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 50: Harbor API vulnerability, and the dangers of CRUD APIs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 49: Uber account takeover and the leaky Get API (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 48: Vulnerabilities at Verizon and GPS trackers, S3 bucket names leaking (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 47: Cisco and MuleSoft vulnerabilities, API World passes (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 46: Cisco and Facebook patch APIs, Solr API parameter injection (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 45: Hacked dating apps and smartlocks, “Egregious 11” cloud security issues (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 44: ACS 2019 Agenda (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 43: REST API Security Testing (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 42: HTTP Security Headers (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 41: Tinder and Axway API Vulnerability, Equifax fined (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 40: Vulnerabilities in Instagram, 7-Eleven, Zipato (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 39: Vulnerable local Zoom webservers on 4+ mln Macs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 38: Cracked smartlocks, X-Frame-Options, standards gaining adoption (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 37: Vulnerabilities with WebLogic and OnePlus, the Black Hat API workshop, and OAuth in action (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 36: Vulnerabilities at TP-Link, Venmo, Amcrest, and GateHub (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 35: IDE support for OpenAPI (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 34: OWASP launches API Security Top 10 project (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 33: First American leaks 885 million mortgage records (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 32: WAFs missing API attacks for 86% of users (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 31: Samsung SmartThings repo token leaks, and Facebook fined for API vulnerability (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 30: 5G going to REST. Breaches in Dell, Cisco, WebLogic, DockerHub, JustDial, iLnkP2P (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 29: OAuth2 attacks, car GPS vulnerabilities, and honeypot stats (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 28: Breaches in Tchap, Shopify, and JustDial (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 27: MyCar vulnerability, serverless, IoT API security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 26: Verizon routers patched for API vulnerability (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 25: NIST microservices guidelines, Facebook opens up to pentesting (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 24: Unprotected APIs in implants, storing API secrets (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 23: Hacking ML, AWS Gateway Security, Gartner advice to CISO (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 22: SANS SWAT list, 42Crunch Platform launch (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 21: Amazon Ring Doorbell camera hacked, open APIs coming to healthcare (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 20: Drupal APIs hacked, EU releases IoT standards (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 19: Half of Amazon’s top-selling smart devices found vulnerable (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 17: 83 percent of web traffic is API, and why query parameters are bad for secrets (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 16: DHS DNS hijacking directive, plus 5 API security rules (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 15: Fortnite hack, TLS MITM attacks, SQL injections for NoSQL (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 14: Hacked hot tubs, airlines, trading sites; JSON encoding best practices (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 13: Microsoft services and Chromecast hacks, the limitations of WAF (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 12: Car APIs leaking location, breached security cameras, regulation that helps (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 11: Mutual TLS authentication in Golang open to DoS, XSS in Google Code-in (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Understanding Golang TLS mutual authentication DoS – CVE-2018-16875 (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 10: Unprotected Docker and Ethereum APIs, McAfee 2019 forecast (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 9: Patch your Kubernetes and security cameras, check out the Node.js security guide (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 8: USPS API broken, APIdays, ETSI downgrades TLS (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 7: OAuth attacks, vulnerabilities in drones and kids’ watches (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 6: Steam API leaks keys, and why WAF does not help DevSecOps (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 5: Bad TLS client authentication, how not to use cURL, State of Software Security (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 4: Remini hacked, perils of free APIs, TLS explained, ATMs & SWIFT get APIs (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 3: TLS 1.3, securing JWT, US banks release a common API standard (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 2: California IoT security law, GoDaddy & AWS vulnerabilities (Posted on by Dmitry Sotnikov in Newsletter Archive)
- Issue 1: APIStrat, CORS, Samsung, Google, Facebook, GitLab, Apple (Posted on by Dmitry Sotnikov in Newsletter Archive)