About: dmitry

Posts by dmitry:

  • Issue 146: Facebook API leaking private group membership, JWT Attacker plugin for Burp Posted on August 12, 2021 (August 18, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 145: APIs and electric car charging stations, The Nuts and Bolts of OAuth 2.0 Posted on August 5, 2021 (August 5, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 144: JustDial API vulnerability re-emerges, API key checker, the state of OAuth Posted on July 29, 2021 (July 29, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 143: GraphQL API leaking credit cards, SQLi in JWT, XML attacks mind map Posted on July 21, 2021 (July 21, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 142: API vulnerabilities in Coursera and Huawei, GraphQL rate limiting and discovery Posted on July 15, 2021 (July 15, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 141: API vulnerabilities in VeryFitPro and Gettr, AWS Lambda authorizers, AsyncAPI 2.1 Posted on July 8, 2021 (July 8, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 140: API vulnerabilities at LazyPay, Western Digital, and LinkedIn; IDOR mindmap Posted on July 1, 2021 (July 1, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 139: API vulnerabilities at Apple, Amazon, and 1Sambayan, upcoming Gartner webinar Posted on June 24, 2021 (June 23, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 138: Vulnerabilities in Microsoft Teams and Instagram Posted on June 17, 2021 (June 16, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 137: Vulnerabilities in VMware vCenter and Apache Pulsar, GraphQL and CSRF attacks Posted on June 10, 2021 (June 9, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 136: OAuth 2.0 security checklist and pentesting Posted on June 3, 2021 (June 3, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 135: Millions stolen from cryptoexchanges through APIs Posted on May 27, 2021 (May 27, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 134: API vulnerabilities at Echelon, Instagram, Facebook Workspace Posted on May 20, 2021 (May 20, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 133: Vulnerable Peloton APIs, API contract generation for .NET Posted on May 13, 2021 (May 13, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 132: Experian API leak, breaches at DigitalOcean and Geico, Burp plugins, vAPI lab Posted on May 6, 2021 (May 5, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 131: API vulnerabilities at John Deere, Springfox, JWT lab, AutoGraphQL Posted on April 29, 2021 (April 29, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 130: GitHub’s new token format, MindAPI, Kiterunner Posted on April 22, 2021 (April 22, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 129: Facebook and Clubhouse profiles scraped through APIs, Forrester’s “State of Application Security, 2021” Posted on April 15, 2021 (April 14, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 128: API flaws at VMware and GitLab, URL parameters and SSRF, webinar on recent breaches Posted on April 8, 2021 (April 8, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 127: Hidden OAuth attack vectors, Methodology for BOLA/IDOR Posted on April 1, 2021 (March 30, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 126: F5 iControl REST API under attack, Regexploit, Ford’s API security talk recording Posted on March 25, 2021 (March 25, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 125: iPhone call recorder API flaw, Burp and OpenAPI, GraphQL pentesting, FAPI Posted on March 18, 2021 (March 18, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 124: API vulnerabilities at Microsoft and Truecaller Guardians, Pentester labs, API security at Ford Motors Posted on March 11, 2021 (March 11, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 123: API vulnerabilities VMWare vCenter and Facebook, mismatch between JSON parsers, API security fixes in VS Code Posted on March 4, 2021 (March 4, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 122: API issues at Clubhouse and healthcare apps, scope-based recon, OAS v3.1.0 Posted on February 25, 2021 (February 24, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 121: Vulnerability at chess.com, GraphQL security playground and checklist Posted on February 18, 2021 (February 17, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 120: Video doorbells security flaws, intro to JWT attacks, security zines Posted on February 11, 2021 (February 10, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 119: NoxPlayer supply-chain attack through a hacked API Posted on February 4, 2021 (February 5, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 118: Spring Framework ALPS, OAuth 2.0 attack mindmap, securing JWTs Posted on January 28, 2021 (January 28, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 117: Vulnerabilities in YouTube and Ring Neighbors app, OAuth Mix-Up attacks, Tamper Dev Posted on January 21, 2021 (January 21, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 116: Facebook and Parler API vulnerabilities, clairvoyance Posted on January 14, 2021 (January 15, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 115: Vulnerabilities in SolarWinds, Ledger, Outlook. New plugin for JetBrains IDEs Posted on January 7, 2021 (September 22, 2021) by Dmitry Sotnikov in Newsletter Archive
  • Issue 114: SolarWinds and PickPoint breaches, GitHub Code Scanning review, GraphQL security Posted on December 17, 2020 (December 17, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 113: API vulnerabilities at YouTube and 1Password, OIDC security, Assetnote Wordlists Posted on December 10, 2020 (December 10, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 112: Vulnerability in Paginator, Microsoft RESTLer, talks on API authentication and JWT security Posted on December 3, 2020 (December 2, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 111: API vulnerabilities in AWS, Tesla Backup Gateway, Twitter Posted on November 26, 2020 (November 26, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 110: API flaws in Bumble and COVID-KAYA, Forrester on API security, ASC 2020 talks Posted on November 19, 2020 (November 19, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 109: API token best practices, Dredd, IDOR hunting tips Posted on November 12, 2020 (November 11, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 108: API vulnerabilities in Thrillophilia and GitLab Posted on November 5, 2020 (November 4, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 107: Vulnerabilities in Waze, AWS, and NHS COVID-19 app, Forrester App Sec Tech Tide Posted on October 29, 2020 (October 29, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 106: API flaws at GitLab and Grindr, APICheck, API World and apidays conferences next week Posted on October 22, 2020 (October 21, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 105: API vulnerabilities in HashiCorp, Azure App Services, and Qiui adult devices Posted on October 15, 2020 (October 15, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 104: API vulnerabilities at Twitter and Grandstream, mTLS in AWS API Gateway, Application Security Podcast Posted on October 8, 2020 (October 8, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 103: API vulnerabilities at Cisco, Shopify, BrandBQ, a security guide to CORS Posted on October 1, 2020 (September 30, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 102: Vulnerabilities in Facebook and campaign apps, creating defensible APIs Posted on September 24, 2020 (October 13, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 101: Vulnerabilities in Giggle, Google Cloud Platform, SonicWall, New Relic, Tesla Posted on September 17, 2020 (September 17, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 100: API Security advice from top industry experts Posted on September 10, 2020 (September 17, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 99: API flaws in the Mercedes-Benz app and Russian inter-bank money transfer Posted on September 3, 2020 (September 2, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 98: APIs as the next frontier in cybercrime Posted on August 27, 2020 (August 27, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 97: Gym apps & home automation vulnerabilities, how to not leak API keys Posted on August 20, 2020 (August 20, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 96: Vulnerabilities at Cisco and MGM Grand Resort, tutorial on Chrome DevTools and pentesting with GraphQL Posted on August 13, 2020 (August 12, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 95: Vulnerabilities at Zoom and OkCupid, progress on OAuth 2.1, API Information Disclosure tutorial Posted on August 6, 2020 (August 6, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 94: Two-day API security training at Black Hat USA Posted on July 30, 2020 (July 30, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 93: API authentication flaw in Chingari, a guide to OAuth Authorization Code grant Posted on July 23, 2020 (July 28, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 92: APIs putting dementia patients at risk, OAuth simulators Posted on July 16, 2020 (July 15, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 91: Homograph OAuth bypass, common JWT mistakes, ReDos attacks Posted on July 9, 2020 (July 8, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 90: Twitter API data security incident, Google Analytics APIs used with skimmers Posted on July 2, 2020 (July 1, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 89: Starbucks API flaw exposes almost 100 million customer accounts Posted on June 25, 2020 (June 25, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 88: JWT pentesting, API discovery, the present and future of OpenAPI Posted on June 18, 2020 (June 17, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 87: Vulnerabilities in Digilocker, Facebook, VMware Cloud Director Posted on June 11, 2020 (June 11, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 86: Vulnerabilities in Sign in with Apple, Qatar’s COVID19 app, GitLab Posted on June 4, 2020 (June 4, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 85: Vulnerability in Google Cloud Deployment Manager, a pentester’s guide to OAuth Posted on May 28, 2020 (May 28, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 84: Unprotected APIs at Google Firebase, leaky Arkansas PUA portal Posted on May 21, 2020 (May 20, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 83: India’s COVID-19 tracing app, OAuth2 API attacks Posted on May 14, 2020 (May 14, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 82: Most common GraphQL vulnerabilities, pentesting with Insomnia Posted on May 7, 2020 (May 6, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 81: Vulnerabilities in Microsoft Teams, Auth0, smart home hubs Posted on April 30, 2020 (April 29, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 80: API vulnerabilities IBM Data Risk Manager and Cisco Unified Computing System Posted on April 23, 2020 (April 22, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 79: 1.4 million doctor records scraped using API Posted on April 16, 2020 (April 16, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 78: Vulnerabilities in WordPress Rank Math, Tapplock, and TicTocTrack Posted on April 9, 2020 (April 8, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 77: Vulnerabilities in GitLab, OAuth 2.1 draft is out Posted on April 2, 2020 (April 1, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 76: 3rd-party API leaks 8 million shopping records Posted on March 26, 2020 (March 25, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 75: 98% of IoT traffic unencrypted, API DevSecOps in Azure Pipelines Posted on March 19, 2020 (March 19, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 74: Vulnerability in Login with Facebook, API security talks Posted on March 12, 2020 (March 12, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 73: Up to 75% credential abuse attacks target APIs Posted on March 5, 2020 (March 18, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 72: Vulnerabilities in WordPress ThemeREX Addons and Voatz, Facebook postmortem, JWT talks, OpenAPI Specification 3.0.3 Posted on February 27, 2020 by Dmitry Sotnikov in Newsletter Archive
  • Issue 71: Vulnerabilities in SoundCloud and Lime e-scooters, NIST Microservices security strategies Posted on February 20, 2020 by Dmitry Sotnikov in Newsletter Archive
  • Issue 70: Vulnerabilities in Twitter, Likud, Iowa caucus apps, two API security talks Posted on February 13, 2020 (February 13, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 69: Vulnerabilities in Azure Stack and Cisco TelePresence, API fuzzing Posted on February 6, 2020 (February 6, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 68: API security in Gartner Hype Cycle, McAfee threat predictions for 2020 Posted on January 30, 2020 (January 30, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 67: RFC for OAuth 2.0 Token Exchange, JWT Webinar Posted on January 23, 2020 by Dmitry Sotnikov in Newsletter Archive
  • Issue 66: Vulnerabilities in TikTok and InfiniteWP Client, AppSecCali 2020 Posted on January 16, 2020 (January 16, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 65: Vulnerabilities at Siemens, Cisco, D-Link, OWASP API Security Top 10 2019 out Posted on January 9, 2020 (January 8, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 64: API Vulnerabilities in Plenty of Fish, SonyLIV, SharePoint, Facebook Posted on January 2, 2020 (December 31, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 63: Microsoft and Google dropping Basic Auth, Thinkrace exposing 47mln+ devices Posted on December 26, 2019 (December 25, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 62: Vulnerabilities in Amazon Ring Neighbors and Droom, WebSocket API security Posted on December 19, 2019 (December 19, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 61: Exposed patient records, vulnerabilities at Airtel and Kaspersky Posted on December 12, 2019 (December 11, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 60: Microsoft Azure OAuth2 Vulnerability, 5G Threat Landscape, Webinars Posted on December 5, 2019 (December 5, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 59: Vulnerabilities in Fortinet, Truecaller, Nykaa Fashion, SMA M2 smartwatch Posted on November 28, 2019 (November 26, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 58: Broken Object Level Authorization explained, plus practical tips on API security Posted on November 21, 2019 (November 21, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 57: Vulnerabilities at Facebook, Amazon Ring, and GitHub, OWASP API Security Top 10 Webinar Posted on November 14, 2019 (November 14, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 56: Common JWT Attacks, OWASP API Security Top 10 cheat sheet Posted on November 7, 2019 (December 22, 2020) by Dmitry Sotnikov in Newsletter Archive
  • Issue 55: Vulnerabilities in eIDAS and Cisco routers, Instagram API program locked down Posted on October 31, 2019 (October 31, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 54: API vulnerabilities in eRosary, Kubernetes, Harbor Posted on October 24, 2019 (October 23, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 53: Vulnerabilities in TwitterKit, JustDial, Voi e-scooters Posted on October 17, 2019 (October 16, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 52: NIST Zero Trust Architecture Guidelines Posted on October 10, 2019 (October 10, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 51: Gartner releases full report on API security Posted on October 3, 2019 (October 17, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 50: Harbor API vulnerability, and the dangers of CRUD APIs Posted on September 26, 2019 (October 31, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 49: Uber account takeover and the leaky Get API Posted on September 19, 2019 (September 18, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 48: Vulnerabilities at Verizon and GPS trackers, S3 bucket names leaking Posted on September 12, 2019 (September 12, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 47: Cisco and MuleSoft vulnerabilities, API World passes Posted on September 5, 2019 (September 5, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 46: Cisco and Facebook patch APIs, Solr API parameter injection Posted on August 29, 2019 (August 28, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 45: Hacked dating apps and smartlocks, “Egregious 11” cloud security issues Posted on August 22, 2019 (August 21, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 44: ACS 2019 Agenda Posted on August 15, 2019 (August 15, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 43: REST API Security Testing Posted on August 8, 2019 (August 7, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 42: HTTP Security Headers Posted on August 1, 2019 (July 31, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 41: Tinder and Axway API Vulnerability, Equifax fined Posted on July 25, 2019 (July 25, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 40: Vulnerabilities in Instagram, 7-Eleven, Zipato Posted on July 18, 2019 (July 18, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 39: Vulnerable local Zoom webservers on 4+ mln Macs Posted on July 11, 2019 (July 11, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 38: Cracked smartlocks, X-Frame-Options, standards gaining adoption Posted on July 4, 2019 (July 4, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 37: Vulnerabilities with WebLogic and OnePlus, the Black Hat API workshop, and OAuth in action Posted on June 27, 2019 (June 27, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 36: Vulnerabilities at TP-Link, Venmo, Amcrest, and GateHub Posted on June 20, 2019 (December 2, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 35: IDE support for OpenAPI Posted on June 13, 2019 (June 13, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 34: OWASP launches API Security Top 10 project Posted on June 6, 2019 (November 22, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 33: First American leaks 885 million mortgage records Posted on May 30, 2019 (May 29, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 32: WAFs missing API attacks for 86% of users Posted on May 23, 2019 (May 23, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 31: Samsung SmartThings repo token leaks, and Facebook fined for API vulnerability Posted on May 16, 2019 (May 15, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 30: 5G going to REST. Breaches in Dell, Cisco, WebLogic, DockerHub, JustDial, iLnkP2P Posted on May 9, 2019 (May 8, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 29: OAuth2 attacks, car GPS vulnerabilities, and honeypot stats Posted on May 2, 2019 (May 1, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 28: Breaches in Tchap, Shopify, and JustDial Posted on April 25, 2019 (April 24, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 27: MyCar vulnerability, serverless, IoT API security Posted on April 18, 2019 (April 17, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 26: Verizon routers patched for API vulnerability Posted on April 11, 2019 (April 10, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 25: NIST microservices guidelines, Facebook opens up to pentesting Posted on April 4, 2019 (April 10, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 24: Unprotected APIs in implants, storing API secrets Posted on March 28, 2019 (March 28, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 23: Hacking ML, AWS Gateway Security, Gartner advice to CISO Posted on March 21, 2019 (March 20, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 22: SANS SWAT list, 42Crunch Platform launch Posted on March 14, 2019 (March 13, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 21: Amazon Ring Doorbell camera hacked, open APIs coming to healthcare Posted on March 7, 2019 (March 6, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 20: Drupal APIs hacked, EU releases IoT standards Posted on February 28, 2019 (February 28, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 19: Half of Amazon’s top-selling smart devices found vulnerable Posted on February 21, 2019 (February 20, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 17: 83 percent of web traffic is API, and why query parameters are bad for secrets Posted on February 7, 2019 (February 7, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 16: DHS DNS hijacking directive, plus 5 API security rules Posted on January 31, 2019 (January 31, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 15: Fortnite hack, TLS MITM attacks, SQL injections for NoSQL Posted on January 24, 2019 (January 23, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 14: Hacked hot tubs, airlines, trading sites; JSON encoding best practices Posted on January 17, 2019 (January 16, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 13: Microsoft services and Chromecast hacks, the limitations of WAF Posted on January 10, 2019 (January 9, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 12: Car APIs leaking location, breached security cameras, regulation that helps Posted on January 3, 2019 (January 3, 2019) by Dmitry Sotnikov in Newsletter Archive
  • Issue 11: Mutual TLS authentication in Golang open to DoS, XSS in Google Code-in Posted on December 20, 2018 (December 20, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Understanding Golang TLS mutual authentication DoS – CVE-2018-16875 Posted on December 19, 2018 (December 20, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 10: Unprotected Docker and Ethereum APIs, McAfee 2019 forecast Posted on December 13, 2018 (December 12, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 9: Patch your Kubernetes and security cameras, check out the Node.js security guide Posted on December 6, 2018 (December 6, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 8: USPS API broken, APIdays, ETSI downgrades TLS Posted on November 29, 2018 (November 28, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 7: OAuth attacks, vulnerabilities in drones and kids’ watches Posted on November 21, 2018 (November 21, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 6: Steam API leaks keys, and why WAF does not help DevSecOps Posted on November 15, 2018 (November 15, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 5: Bad TLS client authentication, how not to use cURL, State of Software Security Posted on November 7, 2018 (November 15, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 4: Remini hacked, perils of free APIs, TLS explained, ATMs & SWIFT get APIs Posted on November 1, 2018 (November 15, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 3: TLS 1.3, securing JWT, US banks release a common API standard Posted on October 25, 2018 (November 15, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 2: California IoT security law, GoDaddy & AWS vulnerabilities Posted on October 18, 2018 (October 24, 2018) by Dmitry Sotnikov in Newsletter Archive
  • Issue 1: APIStrat, CORS, Samsung, Google, Facebook, GitLab, Apple Posted on October 11, 2018 (October 16, 2018) by Dmitry Sotnikov in Newsletter Archive

Copyright 2018-2022 42Crunch Ltd, All Rights Reserved.