
About: mark.dolan@42crunch.com

Posts by mark.dolan@42crunch.com:

  • Issue 278: OWASP API Bugs at Intel, TeaForHer, & McDonald’s, Optus Breach Fallout, APIs for AI Agents Posted on August 21, 2025 by Mark Dolan in Newsletter Archive
  • Issue 277: Hacking WAFs, AI benefits and risks, AI-ready with OpenAPI, Developers exposed Posted on August 7, 2025 (August 7, 2025) by Mark Dolan in Newsletter Archive
  • Issue 276: API discovery hype, BOLA at McDonalds, Cisco APIs exploited, input validation best practices Posted on July 24, 2025 (July 24, 2025) by Mark Dolan in Newsletter Archive
  • Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps Posted on July 3, 2025 (July 3, 2025) by Mark Dolan in Newsletter Archive
  • Issue 274: Authorization nightmares, API security case studies, 23andMe fined £2.3M, OAuth for Cloud Native APIs Posted on June 19, 2025 (June 20, 2025) by Mark Dolan in Newsletter Archive
  • Issue 273: Dangers from AI Hype, Top OWASP Threats in Action, Emerging MCP Risks Posted on June 5, 2025 (June 5, 2025) by Mark Dolan in Newsletter Archive
  • Issue 272: Volkswagen API hacked, API flaws in Instagram & Tiktok, ELi attacks, Radware & Cisco API vulnerabilities Posted on May 22, 2025 (May 22, 2025) by Mark Dolan in Newsletter Archive
  • Issue 271: API breaches surge in APAC, ‘Raw’ dating app exposes users, API credential missteps & API sprawl Posted on May 8, 2025 by Mark Dolan in Newsletter Archive
  • Issue 270: AI double agents, securing API access, OpenAPI-driven MCP, APIs expose 33,000 employees Posted on April 24, 2025 (April 24, 2025) by Mark Dolan in Newsletter Archive
  • Issue 269: API Security Guidelines, Mastering OpenAPI, Security Flaws in Shopware and Zabbix APIs Posted on April 10, 2025 (April 10, 2025) by Mark Dolan in Newsletter Archive
  • Issue 268: Cloudflare disables HTTP, Moodle and Flowise API flaws, DevSecOps & API secure design Posted on March 27, 2025 (March 28, 2025) by Mark Dolan in Newsletter Archive
  • Issue 267: AI to replace Pentesters, Radware Threat report, API bugs at Medefer and Zitadel, API holes in OpenBanking Posted on March 13, 2025 (March 14, 2025) by Mark Dolan in Newsletter Archive
  • Issue 266: API governance, KYC leak at the Post Office, SQL injection bug in Fintech API, API best practices Posted on February 27, 2025 (February 27, 2025) by Mark Dolan in Newsletter Archive
  • Issue 265: YouTube API privacy bug, Medical records leaked, OpenAPI News, Spring Boot API impacts Volkswagen Posted on February 13, 2025 (February 13, 2025) by Mark Dolan in Newsletter Archive
  • Issue 264: Pwn2Own Automotive 2025, Subaru APIs hacked, DevSecOps for the connected vehicle Posted on January 30, 2025 by Mark Dolan in Newsletter Archive
  • Issue 263: Trellix & Aviatrix API exploits, API risks in education, API configuration bugs & secure coding practices Posted on January 16, 2025 (January 16, 2025) by Mark Dolan in Newsletter Archive
  • Issue 262: API incidents in Invoice Ninja, McDonald’s & Truecaller apps, Jetbrains survey, Postman data leaks Posted on January 3, 2025 by Mark Dolan in Newsletter Archive
  • Issue 261: API Security in 2025, OWASP insecure design, path traversal flaws for Mitel and Sailpoint Posted on December 19, 2024 (December 19, 2024) by Mark Dolan in Newsletter Archive
  • Issue 260: Attacking the API SDLC, lessons from an API bounty hunter, Node APIs done right and news of recent vulnerabilities Posted on December 4, 2024 (December 19, 2024) by Mark Dolan in Newsletter Archive
  • Issue 259: API flaw exposes 4 million WordPress sites, API error handling bugs, a case for API First Posted on November 21, 2024 (November 21, 2024) by Mark Dolan in Newsletter Archive
  • Issue 258: API governance at Vodafone, OpenAPI updates, APIs with OWASP vulnerabilities Posted on November 7, 2024 (November 8, 2024) by Mark Dolan in Newsletter Archive
  • Issue 257: Internet Archive under attack, API Gateways insecure by default, OWASP injection attacks Posted on October 24, 2024 (October 25, 2024) by Mark Dolan in Newsletter Archive
  • Issue 256: Privilege escalation bugs in Kia vehicles, Cisco and Gov APIs, NIST’s new rules for password security Posted on October 10, 2024 (October 10, 2024) by Mark Dolan in Newsletter Archive
  • Issue 255: Versa Director API flaw, Feeld BOLA vulnerabilities, logic flaw risks aircraft disaster Posted on September 26, 2024 (September 26, 2024) by Mark Dolan in Newsletter Archive
  • Issue 254: WhatsApp and IBM WebMethods vulnerabilities, 3rd-party API and LLM risks, API access controls Posted on September 12, 2024 (September 12, 2024) by Mark Dolan in Newsletter Archive
  • Issue 253: Breached companies face litigation, SQL injection in Cisco APIs, API Security for Automotive & Finance Posted on August 29, 2024 (August 29, 2024) by Mark Dolan in Newsletter Archive
  • Issue 252: API Security in APAC, Crowdstrike and canary tests, API vulnerabilities in solar platforms and React apps, Costs of a data breach Posted on August 15, 2024 (August 22, 2024) by Mark Dolan in Newsletter Archive
  • Issue 251: FCC mandates API security, API vulnerabilities in dating apps and Docker plugins, Life360 API data leak Posted on August 1, 2024 (August 1, 2024) by Mark Dolan in Newsletter Archive
  • Issue 250: Authy API breach, US agencies push secure by design, APIs grill IoT devices, shares by our readers Posted on July 18, 2024 (July 18, 2024) by Mark Dolan in Newsletter Archive
  • Issue 249: Major API breach at Optus, CocoaPods exposed, Bad Bots and API DoS attacks, Webinar: 2024 API breaches Posted on July 4, 2024 (July 4, 2024) by Mark Dolan in Newsletter Archive
  • Issue 248: API penetration of apps and modems, GraphQL and its discontents, API security for supply chain and automotive Posted on June 20, 2024 (June 20, 2024) by Mark Dolan in Newsletter Archive
  • Issue 247: Dropbox and Dell breaches, vulnerability in Next.js, API growth causing concerns Posted on May 31, 2024 (May 31, 2024) by Mark Dolan in Newsletter Archive
  • Issue 245: Delinea patches API vulnerability, API vulnerability in Palo Alto devices Posted on May 3, 2024 by Mark Dolan in Newsletter Archive
  • Issue 244: Threats to enterprises in the cloud, looming threats to APIs, API SDK generation tools Posted on April 18, 2024 (April 18, 2024) by Mark Dolan in Newsletter Archive
  • Issue 243: Economics of API attacks, understanding CORS, blocking compromised API tokens Posted on April 9, 2024 (April 9, 2024) by Mark Dolan in Newsletter Archive
  • Issue 242: API governance to avoid tech sprawl, API security in digital transformation, AI for APIs Posted on March 20, 2024 (March 20, 2024) by Mark Dolan in Newsletter Archive
  • Issue 241: Two critical flaws in FortiSIEM product, making public APIs private, API security strategy Posted on March 6, 2024 (March 20, 2024) by Mark Dolan in Newsletter Archive
  • Issue 240: Spoutible API leakage, 15M Trello profiles scraped, API secret tokens leaked Posted on February 22, 2024 (February 22, 2024) by Mark Dolan in Newsletter Archive
  • Issue 239: Hugging Face API token breach, SonicWall firewalls exploit, Kubernetes API gateway guide Posted on February 8, 2024 (February 8, 2024) by Mark Dolan in Newsletter Archive
  • Issue 238: APIs used to target business, cloud-native for APIs, and APIs becoming attractive targets Posted on January 25, 2024 (January 25, 2024) by Mark Dolan in Newsletter Archive
  • Issue 237: Six API trends for 2024, API keys leading to vulnerabilities, the future of API gateways Posted on January 10, 2024 by Mark Dolan in Newsletter Archive
  • Issue 236: Using a developer portal, dark data in APIs, an update on Ray AI framework, predictions for 2024 Posted on December 21, 2023 (December 22, 2023) by Mark Dolan in Newsletter Archive
  • Issue 235: 25m loss at Kronos due to API key loss and three other API vulnerabilities Posted on December 14, 2023 (December 14, 2023) by Mark Dolan in Newsletter Archive
  • Issue 234: Sumo Logic breach leads to key reset, risk of RBAC vulnerabilities, automated API contracts Posted on December 5, 2023 (December 5, 2023) by Mark Dolan in Newsletter Archive
  • Issue 233: Flaws in OAuth social sign-in, securing API gateways, scalable SaaS security Posted on November 16, 2023 by Mark Dolan in Newsletter Archive
  • Issue 232: API attacks surge, the silent threat of APIs, Jumpcloud incident review Posted on November 1, 2023 by Mark Dolan in Newsletter Archive
  • Issue 231: API authentication bypass in Ivanti Sentry, Docker images expose API and keys Posted on October 18, 2023 by Mark Dolan in Newsletter Archive
  • Issue 230: OpenSea API breach, flaw in Atlas VPN, using API fuzzing Posted on October 5, 2023 (October 6, 2023) by Mark Dolan in Newsletter Archive
  • Issue 229: Incidents with DuoLingo and JumpCloud, FastAPI for APIs, and five best practices Posted on September 21, 2023 by Mark Dolan in Newsletter Archive
  • Issue 228: 3rd party API security, OAuth2 step-up deep-dive, shadow and zombie APIs Posted on September 7, 2023 (September 7, 2023) by Mark Dolan in Newsletter Archive
  • Issue 227: GhostToken on Google Cloud, Gartner on zero trust, API authentication Posted on August 25, 2023 by Mark Dolan in Newsletter Archive
  • Issue 226: Jetpack WordPress plugin has API vulnerability, how to address API security in 2023 Posted on August 10, 2023 by Mark Dolan in Newsletter Archive
  • Issue 225: API security needs a reset, vAPI walkthrough, five stages to attain API security Posted on July 26, 2023 by Mark Dolan in Newsletter Archive
  • Issue 224: API security is critical in 2023, API contract testing, and Fencer security testing tool Posted on July 6, 2023 (July 7, 2023) by Mark Dolan in Newsletter Archive
  • Issue 223: Becoming an API security expert, AI for API hackers, building API cross-functional teams Posted on June 25, 2023 by Mark Dolan in Newsletter Archive
  • Issue 222: Attackers exploiting APIs faster than ever, DVGA walkthrough, Twitter outage Posted on June 11, 2023 by Mark Dolan in Newsletter Archive
  • Issue 221: Credential leakage fueling API breaches, API gateway security, PCI DSS 4 impact on API security Posted on June 3, 2023 (June 3, 2023) by Mark Dolan in Newsletter Archive
  • Issue 220: API flaw in Booking.com, apps leaking sensitive API data, API security testing checklist Posted on May 25, 2023 by Mark Dolan in Newsletter Archive
  • Issue 219: Money Lover app exposes user data, most web API flaws missed by standard testing Posted on May 12, 2023 (May 13, 2023) by Mark Dolan in Newsletter Archive
  • Issue 218: Three Argo CD API exploits, distributed identity for modern API security Posted on May 5, 2023 (May 5, 2023) by Mark Dolan in Newsletter Archive
  • Issue 217: Wordle API exposes answers, Twitter API breach updates, AWS exposed dangerous API Posted on April 28, 2023 (April 28, 2023) by Mark Dolan in Newsletter Archive
  • Issue 216: Hacking a .Net application, state of API security report, myths of API security Posted on March 27, 2023 (March 29, 2023) by Mark Dolan in Newsletter Archive
  • Issue 215: API flaws in Lego marketplace, API style guides, 42Crunch joins MISA Posted on March 5, 2023 (March 5, 2023) by Mark Dolan in Newsletter Archive
  • Issue 214: Google Cloud’s four pillars of API security, Cerbos for API permissions, attacking predictable GUIDs Posted on February 9, 2023 by Mark Dolan in Newsletter Archive
  • Issue 213: Supply chain vulnerability in IBM Cloud, hardcoded API keys in Algolia portal, JSON-based SQL attacks Posted on January 26, 2023 by Mark Dolan in Newsletter Archive
  • Issue 212: Remote control of vehicles, API hacking for QA teams, API Top 10 walkthrough Posted on January 15, 2023 by Mark Dolan in Newsletter Archive
  • Issue 211: SQLi vulnerability in Zendesk Explore, Twitter API vulnerability, API threats to data-driven enterprises Posted on December 9, 2022 (December 9, 2022) by Mark Dolan in Newsletter Archive
  • Issue 210: CSRF vulnerability in F5, supply chain attacks, hacking APIs, GCP API security report Posted on November 30, 2022 (November 30, 2022) by Mark Dolan in Newsletter Archive
  • Issue 209: CSRF in Plesk API-enabled server, top five API security myths, Ory Hydra authentication server Posted on November 17, 2022 by Mark Dolan in Newsletter Archive
  • Issue 208: Urlscan.io leaks sensitive data, Dropbox phishing attack, contract test for microservices Posted on November 9, 2022 by Mark Dolan in Newsletter Archive
  • Issue 207: Tinder API gateway, runtime secrets protection for mobile APIs, and Open Banking APIs Posted on November 2, 2022 by Mark Dolan in Newsletter Archive
  • Issue 205: Manufacturing industry seeing more API incidents than other industries, two guides on developing secure APIs Posted on October 20, 2022 by Mark Dolan in Newsletter Archive
  • Issue 204: API attacks on shadow APIs, PII leaks from e-commerce APIs, API runtime security Posted on October 14, 2022 by Mark Dolan in Newsletter Archive
  • Issue 203: Optus data breach, API security guide, AuthN/AuthZ vulnerabilities Posted on October 7, 2022 by Mark Dolan in Newsletter Archive
  • Issue 202: Six top API security risks, why APIs have no clothes, and a guide on API security testing Posted on September 14, 2022 by Mark Dolan in Newsletter Archive
  • Issue 201: API security in Kubernetes, Corey Ball podcast, broken access controls for APIs, 200th issue prize giveaway Posted on September 9, 2022 by Mark Dolan in Newsletter Archive
  • Issue 200: Injection vulnerability in BitBucket, OAuth2 exploitation, and 200th issue prize giveaways Posted on September 1, 2022 (September 1, 2022) by Mark Dolan in Newsletter Archive
  • Issue 199: Vulnerability in Zulip server, broken access controls threat to APIs, introduction to BOLA Posted on August 25, 2022 by Mark Dolan in Newsletter Archive
  • Issue 198: API security certification, API authentication webinar, optimizing API security Posted on August 18, 2022 (August 21, 2022) by Mark Dolan in Newsletter Archive
  • Issue 197: Apps leaking Twitter tokens, parameter smuggling attack in Golang, API catalogs for security Posted on August 14, 2022 by Mark Dolan in Newsletter Archive
  • Issue 196: Software supply chains, APIs in healthcare, Azure API management baselines Posted on August 3, 2022 by Mark Dolan in Newsletter Archive
  • Issue 195: How DevOps teams defend against API attacks, empathy for the API developer Posted on July 28, 2022 by Mark Dolan in Newsletter Archive
  • Issue 194: API testing checklist, API security testing resources, CVSS for API security Posted on July 21, 2022 by Mark Dolan in Newsletter Archive
  • Issue 193: Five API security best practices, AppSec tools for APIs Posted on July 14, 2022 by Mark Dolan in Newsletter Archive
  • Issue 192: Vulnerable APIs costing $75 billion, new Google API security platform Posted on July 6, 2022 (July 6, 2022) by Mark Dolan in Newsletter Archive
  • Issue 191: API insecurity causing rising incidents, policy-as-code for API security Posted on June 29, 2022 by Mark Dolan in Newsletter Archive
  • Issue 190: Akamai’s report on APIs, API security checklist, dangers of API security overconfidence Posted on June 22, 2022 by Mark Dolan in Newsletter Archive
  • Issue 189: Vulnerability in Travis CI log API, Microsoft guide to API security, and why API security needs special attention Posted on June 15, 2022 by Mark Dolan in Newsletter Archive
  • Issue 188: API security for smart cars, ownership of the API lifecycle, APIs a top CISO concern Posted on June 8, 2022 (June 8, 2022) by Mark Dolan in Newsletter Archive
  • Issue 187: RCE and API vulnerability in OAS platform, account takeover in Yunmai smart scale Posted on June 1, 2022 by Mark Dolan in Newsletter Archive
  • Issue 186: Kubernetes API servers exposed, vulnerability in Swagger-UI library, Google views on API economy Posted on May 25, 2022 by Mark Dolan in Newsletter Archive
  • Issue 185: Three trends in API security, GraphQL securing risks, the importance of API discovery Posted on May 18, 2022 by Mark Dolan in Newsletter Archive
  • Issue 184: RCE in F5 BIG-IP suite, API security maturity, hardening GCP implementations Posted on May 11, 2022 (May 11, 2022) by Mark Dolan in Newsletter Archive
  • Issue 183: API vulnerability in VeryFitPro, exposed Docker APIs targeted by botnets, TruffleHog finds stored credentials Posted on May 4, 2022 by Mark Dolan in Newsletter Archive
  • Issue 182: Drupal patches API vulnerability, Google Cloud on API security challenges, guide to OAuth2 Posted on April 27, 2022 by Mark Dolan in Newsletter Archive
  • Webinar – Actively Monitor and Defend Your APIs with 42Crunch and the Azure Sentinel Platform Posted on April 27, 2022 by Mark Dolan in Newsletter Archive
  • Issue 181: Vulnerability in Wavlink router, API exposing system passwords, views on internal APIs Posted on April 20, 2022 by Mark Dolan in Newsletter Archive
  • Issue 180: API vulnerability in Easy!Appointments platform, new APIs compromising security Posted on April 13, 2022 by Mark Dolan in Newsletter Archive
  • Issue 179: Spring4Shell zero-day, CRI-O container runtime vulnerability, and REST API security reference Posted on April 6, 2022 (April 6, 2022) by Mark Dolan in Newsletter Archive
  • Issue 178: Six areas for Cloud-native security, API governance, DevOps for improved API security, locking down APIs Posted on March 30, 2022 by Mark Dolan in Newsletter Archive
  • Issue 177: Vulnerabilities in Veeam product, RCE in Parse Server module, insecure API threat to mobile apps Posted on March 23, 2022 by Mark Dolan in Newsletter Archive
  • Webinar – OWASP API Security Top 10 Challenges – Third and Final Episode Posted on March 23, 2022 (March 23, 2022) by Mark Dolan in Newsletter Archive
  • Issue 176: Case study of API vulnerabilities, Riverbed vulnerability, API abuse, JWT safety Posted on March 16, 2022 by Mark Dolan in Newsletter Archive
  • Issue 175: Vulnerabilities affecting Cisco platforms, GitLab instances, and campus access control Posted on March 9, 2022 by Mark Dolan in Newsletter Archive
  • Webinar: How to Extend Protection of your Data from API to Mobile Application Posted on March 3, 2022 (March 3, 2022) by Mark Dolan in Newsletter Archive
  • Issue 174: APIs increasingly used for account takeover, API hacking book, OAuth in Postman Posted on March 2, 2022 by Mark Dolan in Newsletter Archive
  • Issue 173: Coinbase vulnerability, AuthN/AuthZ best practices, bad bots, Elgato Key light hack Posted on February 23, 2022 by Mark Dolan in Newsletter Archive
  • Issue 172: Argo CD vulnerability, state of API security survey, API testing with Zap and Postman Posted on February 16, 2022 by Mark Dolan in Newsletter Archive
  • Addressing the OWASP API Authentication and Authorization Challenges. Posted on February 10, 2022 (February 10, 2022) by Mark Dolan in Industry News
  • Issue 171: DPD parcel tracking flaw, Apache Pulsar and Casdoor vulnerabilities, trends in API industry Posted on February 9, 2022 by Mark Dolan in Newsletter Archive
  • Issue 170: DevSecOps approach to API security, F5 vulnerabilities, ten API integration trends Posted on February 2, 2022 by Mark Dolan in Newsletter Archive
  • Issue 169: Insecure API in WordPress plugin, Tesla 3rd party vulnerability, introducing vAPI Posted on January 26, 2022 by Mark Dolan in Newsletter Archive
  • OWASP API Security Top 10 Challenges – Webinar Series Posted on January 20, 2022 (January 25, 2022) by Mark Dolan in Newsletter Archive
  • Issue 168: Safari 15 IndexedDB API vulnerability, a pair of AWS vulnerabilities, and an API security podcast Posted on January 20, 2022 by Mark Dolan in Newsletter Archive
  • Issue 167: Uber bug allows spoof emails, partner-facing APIs on the rise, omnichannel APIs increase risk Posted on January 13, 2022 (January 20, 2022) by Mark Dolan in Newsletter Archive
  • Issue 166: Securing large API ecosystems, creating OpenAPI from HTTP traffic, Frankenstein APIs, and API proliferation Posted on January 6, 2022 (January 6, 2022) by Mark Dolan in Newsletter Archive
  • Issue 165: Vulnerability in All in One WordPress plugin, why to treat all APIs as public, a beginner’s guide to API security Posted on December 23, 2021 by Mark Dolan in Newsletter Archive
  • Issue 164: Log4Shell vulnerability, API sprawl an increasing threat, API security design best practices, Zero Trust for APIs Posted on December 15, 2021 by Mark Dolan in Newsletter Archive
  • Issue 163: Why API security strategies fail, AWS keynote on good API design, biggest breaches in 2021 Posted on December 8, 2021 by Mark Dolan in Newsletter Archive
  • Issue 162: Compromised Google Cloud accounts, GraphQL as API gateway, API security guide and training Posted on December 1, 2021 by Mark Dolan in Newsletter Archive
  • Webinar: Automate API Protection with “Security as Code” Posted on November 30, 2021 by Mark Dolan in Newsletter Archive
  • Issue 161: Vulnerability in Wipro Holmes Orchestrator, report into vulnerabilities in FinTech and banking apps Posted on November 24, 2021 by Mark Dolan in Newsletter Archive
  • Issue 160: Vulnerability in AWS API gateway, Kubernetes API access hardening guide Posted on November 18, 2021 by Mark Dolan in Newsletter Archive
  • Issue 159: Vulnerability in GoCD CI/CD platform, views on full lifecycle API security, articles on API security and sprawl Posted on November 10, 2021 by Mark Dolan in Newsletter Archive
  • Issue 158: Data of 400 000 students exposed, 1 million sites affected by plugin vulnerabilities, views on GraphQL Posted on November 3, 2021 by Mark Dolan in Newsletter Archive
  • Issue 157: Unsafe defaults in Prometheus, mapping API attack surfaces, OpenAPI file trend analysis Posted on October 27, 2021 by Mark Dolan in Newsletter Archive
  • Issue 156: FHIR APIs vulnerable to abuse, 3D printers facing hijacking risk, API security webinar Posted on October 20, 2021 (October 20, 2021) by Mark Dolan in Newsletter Archive
  • Issue 155: Vulnerability in BrewDog mobile app, APIClarity at KubeCon, API attacks in Open Banking Posted on October 13, 2021 (October 13, 2021) by Mark Dolan in Newsletter Archive
  • Issue 154: Views on APIs and security, report into API misconfiguration, detecting malicious API activity Posted on October 6, 2021 (October 6, 2021) by Mark Dolan in Newsletter Archive
  • Issue 153: Rapid proliferation of APIs, WordPress API vulnerability, false-negative API scanning Posted on September 29, 2021 (October 1, 2021) by Mark Dolan in Newsletter Archive
  • Issue 152: Exposed API keys and tokens, SAST/DAST for API security testing, the value of API specifications Posted on September 22, 2021 (September 22, 2021) by Mark Dolan in Newsletter Archive
  • Issue 151: WordPress 5.8.1 security patch, API botnet attacks report, articles on API tokens and API discovery Posted on September 15, 2021 (September 15, 2021) by Mark Dolan in Newsletter Archive
  • Issue 150: Vulnerability in Fortress home security system, API fuzzing techniques, hardening GraphQL implementations, and central governance for APIs Posted on September 9, 2021 (September 8, 2021) by Mark Dolan in Newsletter Archive
  • Issue 149: Vulnerabilities on Cisco routers and Bumble, adopting Zero Trust for APIs, a hacker’s view on API security challenges Posted on September 1, 2021 (September 5, 2021) by Mark Dolan in Newsletter Archive
  • Issue 148: Microsoft Power Apps breach, BOLA on Topcoder portal, RFC 9101 released, API hacking guide Posted on August 25, 2021 (August 25, 2021) by Mark Dolan in Newsletter Archive
  • Issue 147: Vulnerabilities in SEOPress plugin and Steam portal, results from an application security survey Posted on August 19, 2021 (August 18, 2021) by Mark Dolan in Newsletter Archive
  • Issue 146: Facebook API leaking private group membership, JWT Attacker plugin for Burp Posted on August 12, 2021 (August 18, 2021) by Mark Dolan in Newsletter Archive
  • Issue 145: APIs and electric car charging stations, The Nuts and Bolts of OAuth 2.0 Posted on August 5, 2021 (August 5, 2021) by Mark Dolan in Newsletter Archive
  • Issue 144: JustDial API vulnerability re-emerges, API key checker, the state of OAuth Posted on July 29, 2021 (July 29, 2021) by Mark Dolan in Newsletter Archive
  • Issue 143: GraphQL API leaking credit cards, SQLi in JWT, XML attacks mind map Posted on July 21, 2021 (July 21, 2021) by Mark Dolan in Newsletter Archive
  • Issue 142: API vulnerabilities in Coursera and Huawei, GraphQL rate limiting and discovery Posted on July 15, 2021 (July 15, 2021) by Mark Dolan in Newsletter Archive
  • Issue 141: API vulnerabilities in VeryFitPro and Gettr, AWS Lambda authorizers, AsyncAPI 2.1 Posted on July 8, 2021 (July 8, 2021) by Mark Dolan in Newsletter Archive
  • Issue 140: API vulnerabilities at LazyPay, Western Digital, and LinkedIn; IDOR mindmap Posted on July 1, 2021 (July 1, 2021) by Mark Dolan in Newsletter Archive
  • Issue 139: API vulnerabilities at Apple, Amazon, and 1Sambayan, upcoming Gartner webinar Posted on June 24, 2021 (June 23, 2021) by Mark Dolan in Newsletter Archive
  • Issue 138: Vulnerabilities in Microsoft Teams and Instagram Posted on June 17, 2021 (June 16, 2021) by Mark Dolan in Newsletter Archive
  • Issue 137: Vulnerabilities in VMware vCenter and Apache Pulsar, GraphQL and CSRF attacks Posted on June 10, 2021 (June 9, 2021) by Mark Dolan in Newsletter Archive
  • Issue 136: OAuth 2.0 security checklist and pentesting Posted on June 3, 2021 (June 3, 2021) by Mark Dolan in Newsletter Archive
  • Issue 135: Millions stolen from cryptoexchanges through APIs Posted on May 27, 2021 (May 27, 2021) by Mark Dolan in Newsletter Archive
  • Issue 134: API vulnerabilities at Echelon, Instagram, Facebook Workspace Posted on May 20, 2021 (May 20, 2021) by Mark Dolan in Newsletter Archive
  • Issue 133: Vulnerable Peloton APIs, API contract generation for .NET Posted on May 13, 2021 (May 13, 2021) by Mark Dolan in Newsletter Archive
  • Issue 132: Experian API leak, breaches at DigitalOcean and Geico, Burp plugins, vAPI lab Posted on May 6, 2021 (May 5, 2021) by Mark Dolan in Newsletter Archive
  • Issue 131: API vulnerabilities at John Deere, Springfox, JWT lab, AutoGraphQL Posted on April 29, 2021 (April 29, 2021) by Mark Dolan in Newsletter Archive
  • Issue 130: GitHub’s new token format, MindAPI, Kiterunner Posted on April 22, 2021 (April 22, 2021) by Mark Dolan in Newsletter Archive
  • Issue 129: Facebook and Clubhouse profiles scraped through APIs, Forrester’s “State of Application Security, 2021” Posted on April 15, 2021 (April 14, 2021) by Mark Dolan in Newsletter Archive
  • Issue 128: API flaws at VMware and GitLab, URL parameters and SSRF, webinar on recent breaches Posted on April 8, 2021 (April 8, 2021) by Mark Dolan in Newsletter Archive
  • Issue 127: Hidden OAuth attack vectors, Methodology for BOLA/IDOR Posted on April 1, 2021 (March 30, 2021) by Mark Dolan in Newsletter Archive
  • Issue 126: F5 iControl REST API under attack, Regexploit, Ford’s API security talk recording Posted on March 25, 2021 (March 25, 2021) by Mark Dolan in Newsletter Archive
  • Issue 125: iPhone call recorder API flaw, Burp and OpenAPI, GraphQL pentesting, FAPI Posted on March 18, 2021 (March 18, 2021) by Mark Dolan in Newsletter Archive
  • Issue 124: API vulnerabilities at Microsoft and Truecaller Guardians, Pentester labs, API security at Ford Motors Posted on March 11, 2021 (March 11, 2021) by Mark Dolan in Newsletter Archive
  • Issue 123: API vulnerabilities VMWare vCenter and Facebook, mismatch between JSON parsers, API security fixes in VS Code Posted on March 4, 2021 (March 4, 2021) by Mark Dolan in Newsletter Archive
  • Issue 122: API issues at Clubhouse and healthcare apps, scope-based recon, OAS v3.1.0 Posted on February 25, 2021 (February 24, 2021) by Mark Dolan in Newsletter Archive
  • Issue 121: Vulnerability at chess.com, GraphQL security playground and checklist Posted on February 18, 2021 (February 17, 2021) by Mark Dolan in Newsletter Archive
  • Issue 120: Video doorbells security flaws, intro to JWT attacks, security zines Posted on February 11, 2021 (February 10, 2021) by Mark Dolan in Newsletter Archive
  • Issue 119: NoxPlayer supply-chain attack through a hacked API Posted on February 4, 2021 (February 5, 2021) by Mark Dolan in Newsletter Archive
  • Issue 118: Spring Framework ALPS, OAuth 2.0 attack mindmap, securing JWTs Posted on January 28, 2021 (January 28, 2021) by Mark Dolan in Newsletter Archive
  • Issue 117: Vulnerabilities in YouTube and Ring Neighbors app, OAuth Mix-Up attacks, Tamper Dev Posted on January 21, 2021 (January 21, 2021) by Mark Dolan in Newsletter Archive
  • Issue 116: Facebook and Parler API vulnerabilities, clairvoyance Posted on January 14, 2021 (January 15, 2021) by Mark Dolan in Newsletter Archive
  • Issue 115: Vulnerabilities in SolarWinds, Ledger, Outlook. New plugin for JetBrains IDEs Posted on January 7, 2021 (September 22, 2021) by Mark Dolan in Newsletter Archive
  • Issue 114: SolarWinds and PickPoint breaches, GitHub Code Scanning review, GraphQL security Posted on December 17, 2020 (December 17, 2020) by Mark Dolan in Newsletter Archive
  • Issue 113: API vulnerabilities at YouTube and 1Password, OIDC security, Assetnote Wordlists Posted on December 10, 2020 (December 10, 2020) by Mark Dolan in Newsletter Archive
  • Issue 112: Vulnerability in Paginator, Microsoft RESTLer, talks on API authentication and JWT security Posted on December 3, 2020 (December 2, 2020) by Mark Dolan in Newsletter Archive
  • Issue 111: API vulnerabilities in AWS, Tesla Backup Gateway, Twitter Posted on November 26, 2020 (November 26, 2020) by Mark Dolan in Newsletter Archive
  • Issue 110: API flaws in Bumble and COVID-KAYA, Forrester on API security, ASC 2020 talks Posted on November 19, 2020 (November 19, 2020) by Mark Dolan in Newsletter Archive
  • Issue 109: API token best practices, Dredd, IDOR hunting tips Posted on November 12, 2020 (November 11, 2020) by Mark Dolan in Newsletter Archive
  • Issue 108: API vulnerabilities in Thrillophilia and GitLab Posted on November 5, 2020 (November 4, 2020) by Mark Dolan in Newsletter Archive
  • Issue 107: Vulnerabilities in Waze, AWS, and NHS COVID-19 app, Forrester App Sec Tech Tide Posted on October 29, 2020 (October 29, 2020) by Mark Dolan in Newsletter Archive
  • Issue 106: API flaws at GitLab and Grindr, APICheck, API World and apidays conferences next week Posted on October 22, 2020 (October 21, 2020) by Mark Dolan in Newsletter Archive
  • Issue 105: API vulnerabilities in HashiCorp, Azure App Services, and Qiui adult devices Posted on October 15, 2020 (October 15, 2020) by Mark Dolan in Newsletter Archive
  • Issue 104: API vulnerabilities at Twitter and Grandstream, mTLS in AWS API Gateway, Application Security Podcast Posted on October 8, 2020 (October 8, 2020) by Mark Dolan in Newsletter Archive
  • Issue 103: API vulnerabilities at Cisco, Shopify, BrandBQ, a security guide to CORS Posted on October 1, 2020 (September 30, 2020) by Mark Dolan in Newsletter Archive
  • Issue 102: Vulnerabilities in Facebook and campaign apps, creating defensible APIs Posted on September 24, 2020 (October 13, 2020) by Mark Dolan in Newsletter Archive
  • Issue 101: Vulnerabilities in Giggle, Google Cloud Platform, SonicWall, New Relic, Tesla Posted on September 17, 2020 (September 17, 2020) by Mark Dolan in Newsletter Archive
  • Issue 100: API Security advice from top industry experts Posted on September 10, 2020 (September 17, 2020) by Mark Dolan in Newsletter Archive
  • Issue 99: API flaws in the Mercedes-Benz app and Russian inter-bank money transfer Posted on September 3, 2020 (September 2, 2020) by Mark Dolan in Newsletter Archive
  • Issue 98: APIs as the next frontier in cybercrime Posted on August 27, 2020 (August 27, 2020) by Mark Dolan in Newsletter Archive
  • Issue 97: Gym apps & home automation vulnerabilities, how to not leak API keys Posted on August 20, 2020 (August 20, 2020) by Mark Dolan in Newsletter Archive
  • Issue 96: Vulnerabilities at Cisco and MGM Grand Resort, tutorial on Chrome DevTools and pentesting with GraphQL Posted on August 13, 2020 (August 12, 2020) by Mark Dolan in Newsletter Archive
  • Issue 95: Vulnerabilities at Zoom and OkCupid, progress on OAuth 2.1, API Information Disclosure tutorial Posted on August 6, 2020 (August 6, 2020) by Mark Dolan in Newsletter Archive
  • Issue 94: Two-day API security training at Black Hat USA Posted on July 30, 2020 (July 30, 2020) by Mark Dolan in Newsletter Archive
  • Issue 93: API authentication flaw in Chingari, a guide to OAuth Authorization Code grant Posted on July 23, 2020 (July 28, 2020) by Mark Dolan in Newsletter Archive
  • Issue 92: APIs putting dementia patients at risk, OAuth simulators Posted on July 16, 2020 (July 15, 2020) by Mark Dolan in Newsletter Archive
  • Issue 91: Homograph OAuth bypass, common JWT mistakes, ReDos attacks Posted on July 9, 2020 (July 8, 2020) by Mark Dolan in Newsletter Archive
  • Issue 90: Twitter API data security incident, Google Analytics APIs used with skimmers Posted on July 2, 2020 (July 1, 2020) by Mark Dolan in Newsletter Archive
  • Issue 89: Starbucks API flaw exposes almost 100 million customer accounts Posted on June 25, 2020 (June 25, 2020) by Mark Dolan in Newsletter Archive
  • Issue 88: JWT pentesting, API discovery, the present and future of OpenAPI Posted on June 18, 2020 (June 17, 2020) by Mark Dolan in Newsletter Archive
  • Issue 87: Vulnerabilities in Digilocker, Facebook, VMware Cloud Director Posted on June 11, 2020 (June 11, 2020) by Mark Dolan in Newsletter Archive
  • Issue 86: Vulnerabilities in Sign in with Apple, Qatar’s COVID19 app, GitLab Posted on June 4, 2020 (June 4, 2020) by Mark Dolan in Newsletter Archive
  • Issue 85: Vulnerability in Google Cloud Deployment Manager, a pentester’s guide to OAuth Posted on May 28, 2020 (May 28, 2020) by Mark Dolan in Newsletter Archive
  • Issue 84: Unprotected APIs at Google Firebase, leaky Arkansas PUA portal Posted on May 21, 2020 (May 20, 2020) by Mark Dolan in Newsletter Archive
  • Issue 83: India’s COVID-19 tracing app, OAuth2 API attacks Posted on May 14, 2020 (May 14, 2020) by Mark Dolan in Newsletter Archive
  • Issue 82: Most common GraphQL vulnerabilities, pentesting with Insomnia Posted on May 7, 2020 (May 6, 2020) by Mark Dolan in Newsletter Archive
  • Issue 81: Vulnerabilities in Microsoft Teams, Auth0, smart home hubs Posted on April 30, 2020 (April 29, 2020) by Mark Dolan in Newsletter Archive
  • Issue 80: API vulnerabilities IBM Data Risk Manager and Cisco Unified Computing System Posted on April 23, 2020 (April 22, 2020) by Mark Dolan in Newsletter Archive
  • Issue 79: 1.4 million doctor records scraped using API Posted on April 16, 2020 (April 16, 2020) by Mark Dolan in Newsletter Archive
  • Issue 78: Vulnerabilities in WordPress Rank Math, Tapplock, and TicTocTrack Posted on April 9, 2020 (April 8, 2020) by Mark Dolan in Newsletter Archive
  • Issue 77: Vulnerabilities in GitLab, OAuth 2.1 draft is out Posted on April 2, 2020 (April 1, 2020) by Mark Dolan in Newsletter Archive
  • Issue 76: 3rd-party API leaks 8 million shopping records Posted on March 26, 2020 (March 25, 2020) by Mark Dolan in Newsletter Archive
  • Issue 75: 98% of IoT traffic unencrypted, API DevSecOps in Azure Pipelines Posted on March 19, 2020 (March 19, 2020) by Mark Dolan in Newsletter Archive
  • Issue 74: Vulnerability in Login with Facebook, API security talks Posted on March 12, 2020 (March 12, 2020) by Mark Dolan in Newsletter Archive
  • Issue 73: Up to 75% credential abuse attacks target APIs Posted on March 5, 2020 (March 18, 2020) by Mark Dolan in Newsletter Archive
  • Issue 72: Vulnerabilities in WordPress ThemeREX Addons and Voatz, Facebook postmortem, JWT talks, OpenAPI Specification 3.0.3 Posted on February 27, 2020 by Mark Dolan in Newsletter Archive
  • Issue 71: Vulnerabilities in SoundCloud and Lime e-scooters, NIST Microservices security strategies Posted on February 20, 2020 by Mark Dolan in Newsletter Archive
  • Issue 70: Vulnerabilities in Twitter, Likud, Iowa caucus apps, two API security talks Posted on February 13, 2020 (February 13, 2020) by Mark Dolan in Newsletter Archive
  • Issue 69: Vulnerabilities in Azure Stack and Cisco TelePresence, API fuzzing Posted on February 6, 2020 (February 6, 2020) by Mark Dolan in Newsletter Archive
  • Issue 68: API security in Gartner Hype Cycle, McAfee threat predictions for 2020 Posted on January 30, 2020 (January 30, 2020) by Mark Dolan in Newsletter Archive
  • Issue 67: RFC for OAuth 2.0 Token Exchange, JWT Webinar Posted on January 23, 2020 by Mark Dolan in Newsletter Archive
  • Issue 66: Vulnerabilities in TikTok and InfiniteWP Client, AppSecCali 2020 Posted on January 16, 2020 (January 16, 2020) by Mark Dolan in Newsletter Archive
  • Issue 65: Vulnerabilities at Siemens, Cisco, D-Link, OWASP API Security Top 10 2019 out Posted on January 9, 2020 (January 8, 2020) by Mark Dolan in Newsletter Archive
  • Issue 64: API Vulnerabilities in Plenty of Fish, SonyLIV, SharePoint, Facebook Posted on January 2, 2020 (December 31, 2019) by Mark Dolan in Newsletter Archive
  • Issue 63: Microsoft and Google dropping Basic Auth, Thinkrace exposing 47mln+ devices Posted on December 26, 2019 (December 25, 2019) by Mark Dolan in Newsletter Archive
  • Issue 62: Vulnerabilities in Amazon Ring Neighbors and Droom, WebSocket API security Posted on December 19, 2019 (December 19, 2019) by Mark Dolan in Newsletter Archive
  • Issue 61: Exposed patient records, vulnerabilities at Airtel and Kaspersky Posted on December 12, 2019 (December 11, 2019) by Mark Dolan in Newsletter Archive
  • Issue 60: Microsoft Azure OAuth2 Vulnerability, 5G Threat Landscape, Webinars Posted on December 5, 2019 (December 5, 2019) by Mark Dolan in Newsletter Archive
  • Issue 59: Vulnerabilities in Fortinet, Truecaller, Nykaa Fashion, SMA M2 smartwatch Posted on November 28, 2019 (November 26, 2019) by Mark Dolan in Newsletter Archive
  • Issue 58: Broken Object Level Authorization explained, plus practical tips on API security Posted on November 21, 2019 (November 21, 2019) by Mark Dolan in Newsletter Archive
  • Issue 57: Vulnerabilities at Facebook, Amazon Ring, and GitHub, OWASP API Security Top 10 Webinar Posted on November 14, 2019 (November 14, 2019) by Mark Dolan in Newsletter Archive
  • Issue 56: Common JWT Attacks, OWASP API Security Top 10 cheat sheet Posted on November 7, 2019 (December 22, 2020) by Mark Dolan in Newsletter Archive
  • Issue 55: Vulnerabilities in eIDAS and Cisco routers, Instagram API program locked down Posted on October 31, 2019 (October 31, 2019) by Mark Dolan in Newsletter Archive
  • Issue 54: API vulnerabilities in eRosary, Kubernetes, Harbor Posted on October 24, 2019 (October 23, 2019) by Mark Dolan in Newsletter Archive
  • Issue 53: Vulnerabilities in TwitterKit, JustDial, Voi e-scooters Posted on October 17, 2019 (October 16, 2019) by Mark Dolan in Newsletter Archive
  • Issue 52: NIST Zero Trust Architecture Guidelines Posted on October 10, 2019 (October 10, 2019) by Mark Dolan in Newsletter Archive
  • Issue 51: Gartner releases full report on API security Posted on October 3, 2019 (October 17, 2019) by Mark Dolan in Newsletter Archive
  • Issue 50: Harbor API vulnerability, and the dangers of CRUD APIs Posted on September 26, 2019 (October 31, 2019) by Mark Dolan in Newsletter Archive
  • Issue 49: Uber account takeover and the leaky Get API Posted on September 19, 2019 (September 18, 2019) by Mark Dolan in Newsletter Archive
  • Issue 48: Vulnerabilities at Verizon and GPS trackers, S3 bucket names leaking Posted on September 12, 2019 (September 12, 2019) by Mark Dolan in Newsletter Archive
  • Issue 47: Cisco and MuleSoft vulnerabilities, API World passes Posted on September 5, 2019 (September 5, 2019) by Mark Dolan in Newsletter Archive
  • Issue 46: Cisco and Facebook patch APIs, Solr API parameter injection Posted on August 29, 2019 (August 28, 2019) by Mark Dolan in Newsletter Archive
  • Issue 45: Hacked dating apps and smartlocks, “Egregious 11” cloud security issues Posted on August 22, 2019 (August 21, 2019) by Mark Dolan in Newsletter Archive
  • Issue 44: ACS 2019 Agenda Posted on August 15, 2019 (August 15, 2019) by Mark Dolan in Newsletter Archive
  • Issue 43: REST API Security Testing Posted on August 8, 2019 (August 7, 2019) by Mark Dolan in Newsletter Archive
  • Issue 42: HTTP Security Headers Posted on August 1, 2019 (July 31, 2019) by Mark Dolan in Newsletter Archive
  • Issue 41: Tinder and Axway API Vulnerability, Equifax fined Posted on July 25, 2019 (July 25, 2019) by Mark Dolan in Newsletter Archive
  • Issue 40: Vulnerabilities in Instagram, 7-Eleven, Zipato Posted on July 18, 2019 (July 18, 2019) by Mark Dolan in Newsletter Archive
  • Issue 39: Vulnerable local Zoom webservers on 4+ mln Macs Posted on July 11, 2019 (July 11, 2019) by Mark Dolan in Newsletter Archive
  • Issue 38: Cracked smartlocks, X-Frame-Options, standards gaining adoption Posted on July 4, 2019 (July 4, 2019) by Mark Dolan in Newsletter Archive
  • Issue 37: Vulnerabilities with WebLogic and OnePlus, the Black Hat API workshop, and OAuth in action Posted on June 27, 2019 (June 27, 2019) by Mark Dolan in Newsletter Archive
  • Issue 36: Vulnerabilities at TP-Link, Venmo, Amcrest, and GateHub Posted on June 20, 2019 (December 2, 2019) by Mark Dolan in Newsletter Archive
  • Issue 35: IDE support for OpenAPI Posted on June 13, 2019 (June 13, 2019) by Mark Dolan in Newsletter Archive
  • Issue 34: OWASP launches API Security Top 10 project Posted on June 6, 2019 (November 22, 2019) by Mark Dolan in Newsletter Archive
  • Issue 33: First American leaks 885 million mortgage records Posted on May 30, 2019 (May 29, 2019) by Mark Dolan in Newsletter Archive
  • Issue 32: WAFs missing API attacks for 86% of users Posted on May 23, 2019 (May 23, 2019) by Mark Dolan in Newsletter Archive
  • Issue 31: Samsung SmartThings repo token leaks, and Facebook fined for API vulnerability Posted on May 16, 2019 (May 15, 2019) by Mark Dolan in Newsletter Archive
  • Issue 30: 5G going to REST. Breaches in Dell, Cisco, WebLogic, DockerHub, JustDial, iLnkP2P Posted on May 9, 2019 (May 8, 2019) by Mark Dolan in Newsletter Archive
  • Issue 29: OAuth2 attacks, car GPS vulnerabilities, and honeypot stats Posted on May 2, 2019 (May 1, 2019) by Mark Dolan in Newsletter Archive
  • Issue 28: Breaches in Tchap, Shopify, and JustDial Posted on April 25, 2019 (April 24, 2019) by Mark Dolan in Newsletter Archive
  • Issue 27: MyCar vulnerability, serverless, IoT API security Posted on April 18, 2019 (April 17, 2019) by Mark Dolan in Newsletter Archive
  • Issue 26: Verizon routers patched for API vulnerability Posted on April 11, 2019 (April 10, 2019) by Mark Dolan in Newsletter Archive
  • Issue 25: NIST microservices guidelines, Facebook opens up to pentesting Posted on April 4, 2019 (April 10, 2019) by Mark Dolan in Newsletter Archive
  • Issue 24: Unprotected APIs in implants, storing API secrets Posted on March 28, 2019 (March 28, 2019) by Mark Dolan in Newsletter Archive
  • Issue 23: Hacking ML, AWS Gateway Security, Gartner advice to CISO Posted on March 21, 2019 (March 20, 2019) by Mark Dolan in Newsletter Archive
  • Issue 22: SANS SWAT list, 42Crunch Platform launch Posted on March 14, 2019 (March 13, 2019) by Mark Dolan in Newsletter Archive
  • Issue 21: Amazon Ring Doorbell camera hacked, open APIs coming to healthcare Posted on March 7, 2019 (March 6, 2019) by Mark Dolan in Newsletter Archive
  • Issue 20: Drupal APIs hacked, EU releases IoT standards Posted on February 28, 2019 (February 28, 2019) by Mark Dolan in Newsletter Archive
  • Issue 19: Half of Amazon’s top-selling smart devices found vulnerable Posted on February 21, 2019 (February 20, 2019) by Mark Dolan in Newsletter Archive
  • Issue 17: 83 percent of web traffic is API, and why query parameters are bad for secrets Posted on February 7, 2019 (February 7, 2019) by Mark Dolan in Newsletter Archive
  • Issue 16: DHS DNS hijacking directive, plus 5 API security rules Posted on January 31, 2019 (January 31, 2019) by Mark Dolan in Newsletter Archive
  • Issue 15: Fortnite hack, TLS MITM attacks, SQL injections for NoSQL Posted on January 24, 2019 (January 23, 2019) by Mark Dolan in Newsletter Archive
  • Issue 14: Hacked hot tubs, airlines, trading sites; JSON encoding best practices Posted on January 17, 2019 (January 16, 2019) by Mark Dolan in Newsletter Archive
  • Issue 13: Microsoft services and Chromecast hacks, the limitations of WAF Posted on January 10, 2019 (January 9, 2019) by Mark Dolan in Newsletter Archive
  • Issue 12: Car APIs leaking location, breached security cameras, regulation that helps Posted on January 3, 2019 (January 3, 2019) by Mark Dolan in Newsletter Archive
  • Issue 11: Mutual TLS authentication in Golang open to DoS, XSS in Google Code-in Posted on December 20, 2018 (December 20, 2018) by Mark Dolan in Newsletter Archive
  • Understanding Golang TLS mutual authentication DoS – CVE-2018-16875 Posted on December 19, 2018 (December 20, 2018) by Mark Dolan in Newsletter Archive
  • Issue 10: Unprotected Docker and Ethereum APIs, McAfee 2019 forecast Posted on December 13, 2018 (December 12, 2018) by Mark Dolan in Newsletter Archive
  • Issue 9: Patch your Kubernetes and security cameras, check out the Node.js security guide Posted on December 6, 2018 (December 6, 2018) by Mark Dolan in Newsletter Archive
  • Issue 8: USPS API broken, APIdays, ETSI downgrades TLS Posted on November 29, 2018 (November 28, 2018) by Mark Dolan in Newsletter Archive
  • Issue 7: OAuth attacks, vulnerabilities in drones and kids’ watches Posted on November 21, 2018 (November 21, 2018) by Mark Dolan in Newsletter Archive
  • Issue 6: Steam API leaks keys, and why WAF does not help DevSecOps Posted on November 15, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
  • Issue 5: Bad TLS client authentication, how not to use cURL, State of Software Security Posted on November 7, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
  • Issue 4: Remini hacked, perils of free APIs, TLS explained, ATMs & SWIFT get APIs Posted on November 1, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
  • Issue 3: TLS 1.3, securing JWT, US banks release a common API standard Posted on October 25, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
  • Issue 2: California IoT security law, GoDaddy & AWS vulnerabilities Posted on October 18, 2018 (October 24, 2018) by Mark Dolan in Newsletter Archive
  • Issue 1: APIStrat, CORS, Samsung, Google, Facebook, GitLab, Apple Posted on October 11, 2018 (October 16, 2018) by Mark Dolan in Newsletter Archive

Copyright 2018-2025 42Crunch Ltd, All Rights Reserved.