Mark Dolan, Author at API Security News

Issue 269: API Security Guidelines, Mastering OpenAPI, Security Flaws in Shopware and Zabbix APIs Posted on April 10, 2025 (April 10, 2025) by Mark Dolan in Newsletter Archive
Issue 268: Cloudflare disables HTTP, Moodle and Flowise API flaws, DevSecOps & API secure design Posted on March 27, 2025 (March 28, 2025) by Mark Dolan in Newsletter Archive
Issue 267: AI to replace Pentesters, Radware Threat report, API bugs at Medefer and Zitadel, API holes in OpenBanking Posted on March 13, 2025 (March 14, 2025) by Mark Dolan in Newsletter Archive
Issue 266: API governance, KYC leak at the Post Office, SQL injection bug in Fintech API, API best practices Posted on February 27, 2025 (February 27, 2025) by Mark Dolan in Newsletter Archive
Issue 265: YouTube API privacy bug, Medical records leaked, OpenAPI News, Spring Boot API impacts Volkswagen Posted on February 13, 2025 (February 13, 2025) by Mark Dolan in Newsletter Archive
Issue 264: Pwn2Own Automotive 2025, Subaru APIs hacked, DevSecOps for the connected vehicle Posted on January 30, 2025 by Mark Dolan in Newsletter Archive
Issue 263: Trellix & Aviatrix API exploits, API risks in education, API configuration bugs & secure coding practices Posted on January 16, 2025 (January 16, 2025) by Mark Dolan in Newsletter Archive
Issue 262: API incidents in Invoice Ninja, McDonald’s & Truecaller apps, Jetbrains survey, Postman data leaks Posted on January 3, 2025 by Mark Dolan in Newsletter Archive
Issue 261: API Security in 2025, OWASP insecure design, path traversal flaws for Mitel and Sailpoint Posted on December 19, 2024 (December 19, 2024) by Mark Dolan in Newsletter Archive
Issue 260: Attacking the API SDLC, lessons from an API bounty hunter, Node APIs done right and news of recent vulnerabilities Posted on December 4, 2024 (December 19, 2024) by Mark Dolan in Newsletter Archive
Issue 259: API flaw exposes 4 million WordPress sites, API error handling bugs, a case for API First Posted on November 21, 2024 (November 21, 2024) by Mark Dolan in Newsletter Archive
Issue 258: API governance at Vodafone, OpenAPI updates, APIs with OWASP vulnerabilities Posted on November 7, 2024 (November 8, 2024) by Mark Dolan in Newsletter Archive
Issue 257: Internet Archive under attack, API Gateways insecure by default, OWASP injection attacks Posted on October 24, 2024 (October 25, 2024) by Mark Dolan in Newsletter Archive
Issue 256: Privilege escalation bugs in Kia vehicles, Cisco and Gov APIs, NIST’s new rules for password security Posted on October 10, 2024 (October 10, 2024) by Mark Dolan in Newsletter Archive
Issue 255: Versa Director API flaw, Feeld BOLA vulnerabilities, logic flaw risks aircraft disaster Posted on September 26, 2024 (September 26, 2024) by Mark Dolan in Newsletter Archive
Issue 254: WhatsApp and IBM WebMethods vulnerabilities, 3rd-party API and LLM risks, API access controls Posted on September 12, 2024 (September 12, 2024) by Mark Dolan in Newsletter Archive
Issue 253: Breached companies face litigation, SQL injection in Cisco APIs, API Security for Automotive & Finance Posted on August 29, 2024 (August 29, 2024) by Mark Dolan in Newsletter Archive
Issue 252: API Security in APAC, Crowdstrike and canary tests, API vulnerabilities in solar platforms and React apps, Costs of a data breach Posted on August 15, 2024 (August 22, 2024) by Mark Dolan in Newsletter Archive
Issue 251: FCC mandates API security, API vulnerabilities in dating apps and Docker plugins, Life360 API data leak Posted on August 1, 2024 (August 1, 2024) by Mark Dolan in Newsletter Archive
Issue 250: Authy API breach, US agencies push secure by design, APIs grill IoT devices, shares by our readers Posted on July 18, 2024 (July 18, 2024) by Mark Dolan in Newsletter Archive
Issue 249: Major API breach at Optus, CocoaPods exposed, Bad Bots and API DoS attacks, Webinar: 2024 API breaches Posted on July 4, 2024 (July 4, 2024) by Mark Dolan in Newsletter Archive
Issue 248: API penetration of apps and modems, GraphQL and its discontents, API security for supply chain and automotive Posted on June 20, 2024 (June 20, 2024) by Mark Dolan in Newsletter Archive
Issue 247: Dropbox and Dell breaches, vulnerability in Next.js, API growth causing concerns Posted on May 31, 2024 (May 31, 2024) by Mark Dolan in Newsletter Archive
Issue 245: Delinea patches API vulnerability, API vulnerability in Palo Alto devices Posted on May 3, 2024 by Mark Dolan in Newsletter Archive
Issue 244: Threats to enterprises in the cloud, looming threats to APIs, API SDK generation tools Posted on April 18, 2024 (April 18, 2024) by Mark Dolan in Newsletter Archive
Issue 243: Economics of API attacks, understanding CORS, blocking compromised API tokens Posted on April 9, 2024 (April 9, 2024) by Mark Dolan in Newsletter Archive
Issue 242: API governance to avoid tech sprawl, API security in digital transformation, AI for APIs Posted on March 20, 2024 (March 20, 2024) by Mark Dolan in Newsletter Archive
Issue 241: Two critical flaws in FortiSIEM product, making public APIs private, API security strategy Posted on March 6, 2024 (March 20, 2024) by Mark Dolan in Newsletter Archive
Issue 240: Spoutible API leakage, 15M Trello profiles scraped, API secret tokens leaked Posted on February 22, 2024 (February 22, 2024) by Mark Dolan in Newsletter Archive
Issue 239: Hugging Face API token breach, SonicWall firewalls exploit, Kubernetes API gateway guide Posted on February 8, 2024 (February 8, 2024) by Mark Dolan in Newsletter Archive
Issue 238: APIs used to target business, cloud-native for APIs, and APIs becoming attractive targets Posted on January 25, 2024 (January 25, 2024) by Mark Dolan in Newsletter Archive
Issue 237: Six API trends for 2024, API keys leading to vulnerabilities, the future of API gateways Posted on January 10, 2024 by Mark Dolan in Newsletter Archive
Issue 236: Using a developer portal, dark data in APIs, an update on Ray AI framework, predictions for 2024 Posted on December 21, 2023 (December 22, 2023) by Mark Dolan in Newsletter Archive
Issue 235: 25m loss at Kronos due to API key loss and three other API vulnerabilities Posted on December 14, 2023 (December 14, 2023) by Mark Dolan in Newsletter Archive
Issue 234: Sumo Logic breach leads to key reset, risk of RBAC vulnerabilities, automated API contracts Posted on December 5, 2023 (December 5, 2023) by Mark Dolan in Newsletter Archive
Issue 233: Flaws in OAuth social sign-in, securing API gateways, scalable SaaS security Posted on November 16, 2023 by Mark Dolan in Newsletter Archive
Issue 232: API attacks surge, the silent threat of APIs, Jumpcloud incident review Posted on November 1, 2023 by Mark Dolan in Newsletter Archive
Issue 231: API authentication bypass in Ivanti Sentry, Docker images expose API and keys Posted on October 18, 2023 by Mark Dolan in Newsletter Archive
Issue 230: OpenSea API breach, flaw in Atlas VPN, using API fuzzing Posted on October 5, 2023 (October 6, 2023) by Mark Dolan in Newsletter Archive
Issue 229: Incidents with DuoLingo and JumpCloud, FastAPI for APIs, and five best practices Posted on September 21, 2023 by Mark Dolan in Newsletter Archive
Issue 228: 3rd party API security, OAuth2 step-up deep-dive, shadow and zombie APIs Posted on September 7, 2023 (September 7, 2023) by Mark Dolan in Newsletter Archive
Issue 227: GhostToken on Google Cloud, Gartner on zero trust, API authentication Posted on August 25, 2023 by Mark Dolan in Newsletter Archive
Issue 226 : Jetpack WordPress plugin has API vulnerability, how to address API security in 2023 Posted on August 10, 2023 by Mark Dolan in Newsletter Archive
Issue 225 : API security needs a reset, vAPI walkthrough, five stages to attain API security Posted on July 26, 2023 by Mark Dolan in Newsletter Archive
Issue 224 : API security is critical in 2023, API contract testing, and Fencer security testing tool Posted on July 6, 2023 (July 7, 2023) by Mark Dolan in Newsletter Archive
Issue 223 : Becoming an API security expert, AI for API hackers, building API cross-functional teams Posted on June 25, 2023 by Mark Dolan in Newsletter Archive
Issue 222: Attackers exploiting APIs faster than ever, DVGA walkthrough, Twitter outage Posted on June 11, 2023 by Mark Dolan in Newsletter Archive
Issue 221: Credential leakage fueling API breaches, API gateway security, PCI DSS 4 impact on API security Posted on June 3, 2023 (June 3, 2023) by Mark Dolan in Newsletter Archive
Issue 220: API flaw in Booking.com, apps leaking sensitive API data, API security testing checklist Posted on May 25, 2023 by Mark Dolan in Newsletter Archive
Issue 219: Money Lover app exposes user data, most web API flaws missed by standard testing Posted on May 12, 2023 (May 13, 2023) by Mark Dolan in Newsletter Archive
Issue 218: Three Argo CD API exploits, distributed identity for modern API security Posted on May 5, 2023 (May 5, 2023) by Mark Dolan in Newsletter Archive
Issue 217: Wordle API exposes answers, Twitter API breach updates, AWS exposed dangerous API Posted on April 28, 2023 (April 28, 2023) by Mark Dolan in Newsletter Archive
Issue 216: Hacking a .Net application, state of API security report, myths of API security Posted on March 27, 2023 (March 29, 2023) by Mark Dolan in Newsletter Archive
Issue 215: API flaws in Lego marketplace, API style guides, 42Crunch joins MISA Posted on March 5, 2023 (March 5, 2023) by Mark Dolan in Newsletter Archive
Issue 214: Google Cloud’s four pillars of API security, Cerbos for API permissions, attacking predictable GUIDs Posted on February 9, 2023 by Mark Dolan in Newsletter Archive
Issue 213: Supply chain vulnerability in IBM Cloud, hardcoded API keys in Algolia portal, JSON-based SQL attacks Posted on January 26, 2023 by Mark Dolan in Newsletter Archive
Issue 212: Remote control of vehicles, API hacking for QA teams, API Top 10 walkthrough Posted on January 15, 2023 by Mark Dolan in Newsletter Archive
Issue 211: SQLi vulnerability in Zendesk Explore, Twitter API vulnerability, API threats to data-driven enterprises Posted on December 9, 2022 (December 9, 2022) by Mark Dolan in Newsletter Archive
Issue 210: CSRF vulnerability in F5, supply chain attacks, hacking APIs, GCP API security report Posted on November 30, 2022 (November 30, 2022) by Mark Dolan in Newsletter Archive
Issue 209: CSRF in Plesk API-enabled server, top five API security myths, Ory Hydra authentication server Posted on November 17, 2022 by Mark Dolan in Newsletter Archive
Issue 208: Urlscan.io leaks sensitive data, Dropbox phishing attack, contract test for microservices Posted on November 9, 2022 by Mark Dolan in Newsletter Archive
Issue 207: Tinder API gateway, runtime secrets protection for mobile APIs, and Open Banking APIs Posted on November 2, 2022 by Mark Dolan in Newsletter Archive
Issue 205: Manufacturing industry seeing more API incidents than other industries, two guides on developing secure APIs Posted on October 20, 2022 by Mark Dolan in Newsletter Archive
Issue 204: API attacks on shadow APIs, PII leaks from e-commerce APIs, API runtime security Posted on October 14, 2022 by Mark Dolan in Newsletter Archive
Issue 203: Optus data breach, API security guide, AuthN/AuthZ vulnerabilities Posted on October 7, 2022 by Mark Dolan in Newsletter Archive
Issue 202: Six top API security risks, why APIs have no clothes, and a guide on API security testing Posted on September 14, 2022 by Mark Dolan in Newsletter Archive
Issue 201: API security in Kubernetes, Corey Ball podcast, broken access controls for APIs, 200th issue prize giveaway Posted on September 9, 2022 by Mark Dolan in Newsletter Archive
Issue 200: Injection vulnerability in BitBucket, OAuth2 exploitation, and 200th issue prize giveaways Posted on September 1, 2022 (September 1, 2022) by Mark Dolan in Newsletter Archive
Issue 199: Vulnerability in Zulip server, broken access controls threat to APIs, introduction to BOLA Posted on August 25, 2022 by Mark Dolan in Newsletter Archive
Issue 198: API security certification, API authentication webinar, optimizing API security Posted on August 18, 2022 (August 21, 2022) by Mark Dolan in Newsletter Archive
Issue 197: Apps leaking Twitter tokens, parameter smuggling attack in Golang, API catalogs for security Posted on August 14, 2022 by Mark Dolan in Newsletter Archive
Issue 196: Software supply chains, APIs in healthcare, Azure API management baselines Posted on August 3, 2022 by Mark Dolan in Newsletter Archive
Issue 195: How DevOps teams defend against API attacks, empathy for the API developer Posted on July 28, 2022 by Mark Dolan in Newsletter Archive
Issue 194: API testing checklist, API security testing resources, CVSS for API security Posted on July 21, 2022 by Mark Dolan in Newsletter Archive
Issue 193: Five API security best practices, AppSec tools for APIs Posted on July 14, 2022 by Mark Dolan in Newsletter Archive
Issue 192: Vulnerable APIs costing $75 billion, new Google API security platform Posted on July 6, 2022 (July 6, 2022) by Mark Dolan in Newsletter Archive
Issue 191: API insecurity causing rising incidents, policy-as-code for API security Posted on June 29, 2022 by Mark Dolan in Newsletter Archive
Issue 190: Akamai’s report on APIs, API security checklist, dangers of API security overconfidence Posted on June 22, 2022 by Mark Dolan in Newsletter Archive
Issue 189: Vulnerability in Travis CI log API, Microsoft guide to API security, and why API security needs special attention Posted on June 15, 2022 by Mark Dolan in Newsletter Archive
Issue 188: API security for smart cars, ownership of the API lifecycle, APIs a top CISO concern Posted on June 8, 2022 (June 8, 2022) by Mark Dolan in Newsletter Archive
Issue 187: RCE and API vulnerability in OAS platform, account takeover in Yunmai smart scale Posted on June 1, 2022 by Mark Dolan in Newsletter Archive
Issue 186: Kubernetes API servers exposed, vulnerability in Swagger-UI library, Google views on API economy Posted on May 25, 2022 by Mark Dolan in Newsletter Archive
Issue 185: Three trends in API security, GraphQL securing risks, the importance of API discovery Posted on May 18, 2022 by Mark Dolan in Newsletter Archive
Issue 184: RCE in F5 BIG-IP suite, API security maturity, hardening GCP implementations Posted on May 11, 2022 (May 11, 2022) by Mark Dolan in Newsletter Archive
Issue 183: API vulnerability in VeryFitPro, exposed Docker APIs targeted by botnets, TruffleHog finds stored credentials Posted on May 4, 2022 by Mark Dolan in Newsletter Archive
Issue 182: Drupal patches API vulnerability, Google Cloud on API security challenges, guide to OAuth2 Posted on April 27, 2022 by Mark Dolan in Newsletter Archive
Webinar – Actively Monitor and Defend Your APIs with 42Crunch and the Azure Sentinel Platform Posted on April 27, 2022 by Mark Dolan in Newsletter Archive
Issue 181: Vulnerability in Wavlink router, API exposing system passwords, views on internal APIs Posted on April 20, 2022 by Mark Dolan in Newsletter Archive
Issue 180: API vulnerability in Easy!Appointments platform, new APIs compromising security Posted on April 13, 2022 by Mark Dolan in Newsletter Archive
Issue 179: Spring4Shell zero-day, CRI-O container runtime vulnerability, and REST API security reference Posted on April 6, 2022 (April 6, 2022) by Mark Dolan in Newsletter Archive
Issue 178: Six areas for Cloud-native security, API governance, DevOps for improved API security, locking down APIs Posted on March 30, 2022 by Mark Dolan in Newsletter Archive
Issue 177: Vulnerabilities in Veeam product, RCE in Parse Server module, insecure API threat to mobile apps Posted on March 23, 2022 by Mark Dolan in Newsletter Archive
Webinar – OWASP API Security Top 10 Challenges – Third and Final Episode Posted on March 23, 2022 (March 23, 2022) by Mark Dolan in Newsletter Archive
Issue 176: Case study of API vulnerabilities, Riverbed vulnerability, API abuse, JWT safety Posted on March 16, 2022 by Mark Dolan in Newsletter Archive
Issue 175: Vulnerabilities affecting Cisco platforms, GitLab instances, and campus access control Posted on March 9, 2022 by Mark Dolan in Newsletter Archive
Webinar: How to Extend Protection of your Data from API to Mobile Application Posted on March 3, 2022 (March 3, 2022) by Mark Dolan in Newsletter Archive
Issue 174: APIs increasingly used for account takeover, API hacking book, OAuth in Postman Posted on March 2, 2022 by Mark Dolan in Newsletter Archive
Issue 173: Coinbase vulnerability, AuthN/AuthZ best practices, bad bots, Elgato Key light hack Posted on February 23, 2022 by Mark Dolan in Newsletter Archive
Issue 172: Argo CD vulnerability, state of API security survey, API testing with Zap and Postman Posted on February 16, 2022 by Mark Dolan in Newsletter Archive
Addressing the OWASP API Authentication and Authorization Challenges. Posted on February 10, 2022 (February 10, 2022) by Mark Dolan in Industry News
Issue 171: DPD parcel tracking flaw, Apache Pulsar and Casdoor vulnerabilities, trends in API industry Posted on February 9, 2022 by Mark Dolan in Newsletter Archive
Issue 170: DevSecOps approach to API security, F5 vulnerabilities, ten API integration trends Posted on February 2, 2022 by Mark Dolan in Newsletter Archive
Issue 169: Insecure API in WordPress plugin, Tesla 3rd party vulnerability, introducing vAPI Posted on January 26, 2022 by Mark Dolan in Newsletter Archive
OWASP API Security Top 10 Challenges – Webinar Series Posted on January 20, 2022 (January 25, 2022) by Mark Dolan in Newsletter Archive
Issue 168: Safari 15 IndexedDB API vulnerability, a pair of AWS vulnerabilities, and an API security podcast Posted on January 20, 2022 by Mark Dolan in Newsletter Archive
Issue 167: Uber bug allows spoof emails, partner-facing APIs on the rise, omnichannel APIs increase risk Posted on January 13, 2022 (January 20, 2022) by Mark Dolan in Newsletter Archive
Issue 166: Securing large API ecosystems, creating OpenAPI from HTTP traffic, Frankenstein APIs, and API proliferation Posted on January 6, 2022 (January 6, 2022) by Mark Dolan in Newsletter Archive
Issue 165: Vulnerability in All in One WordPress plugin, why to treat all APIs as public, a beginner’s guide to API security Posted on December 23, 2021 by Mark Dolan in Newsletter Archive
Issue 164: Log4Shell vulnerability, API sprawl an increasing threat, API security design best practices, Zero Trust for APIs Posted on December 15, 2021 by Mark Dolan in Newsletter Archive
Issue 163: Why API security strategies fail, AWS keynote on good API design, biggest breaches in 2021 Posted on December 8, 2021 by Mark Dolan in Newsletter Archive
Issue 162: Compromised Google Cloud accounts, GraphQL as API gateway, API security guide and training Posted on December 1, 2021 by Mark Dolan in Newsletter Archive
Webinar: Automate API Protection with “Security as Code” Posted on November 30, 2021 by Mark Dolan in Newsletter Archive
Issue 161: Vulnerability in Wipro Holmes Orchestrator, report into vulnerabilities in FinTech and banking apps Posted on November 24, 2021 by Mark Dolan in Newsletter Archive
Issue 160: Vulnerability in AWS API gateway, Kubernetes API access hardening guide Posted on November 18, 2021 by Mark Dolan in Newsletter Archive
Issue 159: Vulnerability in GoCD CI/CD platform, views on full lifecycle API security, articles on API security and sprawl Posted on November 10, 2021 by Mark Dolan in Newsletter Archive
Issue 158: Data of 400 000 students exposed, 1 million sites affected by plugin vulnerabilities, views on GraphQL Posted on November 3, 2021 by Mark Dolan in Newsletter Archive
Issue 157: Unsafe defaults in Prometheus, mapping API attack surfaces, OpenAPI file trend analysis Posted on October 27, 2021 by Mark Dolan in Newsletter Archive
Issue 156: FHIR APIs vulnerable to abuse, 3D printers facing hijacking risk, API security webinar Posted on October 20, 2021 (October 20, 2021) by Mark Dolan in Newsletter Archive
Issue 155: Vulnerability in BrewDog mobile app, APIClarity at KubeCon, API attacks in Open Banking Posted on October 13, 2021 (October 13, 2021) by Mark Dolan in Newsletter Archive
Issue 154: Views on APIs and security, report into API misconfiguration, detecting malicious API activity Posted on October 6, 2021 (October 6, 2021) by Mark Dolan in Newsletter Archive
Issue 153: Rapid proliferation of APIs, WordPress API vulnerability, false-negative API scanning Posted on September 29, 2021 (October 1, 2021) by Mark Dolan in Newsletter Archive
Issue 152: Exposed API keys and tokens, SAST/DAST for API security testing, the value of API specifications Posted on September 22, 2021 (September 22, 2021) by Mark Dolan in Newsletter Archive
Issue 151: WordPress 5.8.1 security patch, API botnet attacks report, articles on API tokens and API discovery Posted on September 15, 2021 (September 15, 2021) by Mark Dolan in Newsletter Archive
Issue 150: Vulnerability in Fortress home security system, API fuzzing techniques, hardening GraphQL implementations, and central governance for APIs Posted on September 9, 2021 (September 8, 2021) by Mark Dolan in Newsletter Archive
Issue 149: Vulnerabilities on Cisco routers and Bumble, adopting Zero Trust for APIs, a hacker’s view on API security challenges Posted on September 1, 2021 (September 5, 2021) by Mark Dolan in Newsletter Archive
Issue 148: Microsoft Power Apps breach, BOLA on Topcoder portal, RFC 9101 released, API hacking guide Posted on August 25, 2021 (August 25, 2021) by Mark Dolan in Newsletter Archive
Issue 147: Vulnerabilities in SEOPress plugin and Steam portal, results from an application security survey Posted on August 19, 2021 (August 18, 2021) by Mark Dolan in Newsletter Archive
Issue 146: Facebook API leaking private group membership, JWT Attacker plugin for Burp Posted on August 12, 2021 (August 18, 2021) by Mark Dolan in Newsletter Archive
Issue 145: APIs and electric car charging stations, The Nuts and Bolts of OAuth 2.0 Posted on August 5, 2021 (August 5, 2021) by Mark Dolan in Newsletter Archive
Issue 144: JustDial API vulnerability re-emerges, API key checker, the state of OAuth Posted on July 29, 2021 (July 29, 2021) by Mark Dolan in Newsletter Archive
Issue 143: GraphQL API leaking credit cards, SQLi in JWT, XML attacks mind map Posted on July 21, 2021 (July 21, 2021) by Mark Dolan in Newsletter Archive
Issue 142: API vulnerabilities in Coursera and Huawei, GraphQL rate limiting and discovery Posted on July 15, 2021 (July 15, 2021) by Mark Dolan in Newsletter Archive
Issue 141: API vulnerabilities in VeryFitPro and Gettr, AWS Lambda authorizers, AsyncAPI 2.1 Posted on July 8, 2021 (July 8, 2021) by Mark Dolan in Newsletter Archive
Issue 140: API vulnerabilities at LazyPay, Western Digital, and LinkedIn; IDOR mindmap Posted on July 1, 2021 (July 1, 2021) by Mark Dolan in Newsletter Archive
Issue 139: API vulnerabilities at Apple, Amazon, and 1Sambayan, upcoming Gartner webinar Posted on June 24, 2021 (June 23, 2021) by Mark Dolan in Newsletter Archive
Issue 138: Vulnerabilities in Microsoft Teams and Instagram Posted on June 17, 2021 (June 16, 2021) by Mark Dolan in Newsletter Archive
Issue 137: Vulnerabilities in VMware vCenter and Apache Pulsar, GraphQL and CSRF attacks Posted on June 10, 2021 (June 9, 2021) by Mark Dolan in Newsletter Archive
Issue 136: OAuth 2.0 security checklist and pentesting Posted on June 3, 2021 (June 3, 2021) by Mark Dolan in Newsletter Archive
Issue 135: Millions stolen from cryptoexchanges through APIs Posted on May 27, 2021 (May 27, 2021) by Mark Dolan in Newsletter Archive
Issue 134: API vulnerabilities at Echelon, Instagram, Facebook Workspace Posted on May 20, 2021 (May 20, 2021) by Mark Dolan in Newsletter Archive
Issue 133: Vulnerable Peloton APIs, API contract generation for .NET Posted on May 13, 2021 (May 13, 2021) by Mark Dolan in Newsletter Archive
Issue 132: Experian API leak, breaches at DigitalOcean and Geico, Burp plugins, vAPI lab Posted on May 6, 2021 (May 5, 2021) by Mark Dolan in Newsletter Archive
Issue 131: API vulnerabilities at John Deere, Springfox, JWT lab, AutoGraphQL Posted on April 29, 2021 (April 29, 2021) by Mark Dolan in Newsletter Archive
Issue 130: GitHub’s new token format, MindAPI, Kiterunner Posted on April 22, 2021 (April 22, 2021) by Mark Dolan in Newsletter Archive
Issue 129: Facebook and Clubhouse profiles scraped through APIs, Forrester’s “State of Application Security, 2021” Posted on April 15, 2021 (April 14, 2021) by Mark Dolan in Newsletter Archive
Issue 128: API flaws at VMware and GitLab, URL parameters and SSRF, webinar on recent breaches Posted on April 8, 2021 (April 8, 2021) by Mark Dolan in Newsletter Archive
Issue 127: Hidden OAuth attack vectors, Methodology for BOLA/IDOR Posted on April 1, 2021 (March 30, 2021) by Mark Dolan in Newsletter Archive
Issue 126: F5 iControl REST API under attack, Regexploit, Ford’s API security talk recording Posted on March 25, 2021 (March 25, 2021) by Mark Dolan in Newsletter Archive
Issue 125: iPhone call recorder API flaw, Burp and OpenAPI, GraphQL pentesting, FAPI Posted on March 18, 2021 (March 18, 2021) by Mark Dolan in Newsletter Archive
Issue 124: API vulnerabilities at Microsoft and Truecaller Guardians, Pentester labs, API security at Ford Motors Posted on March 11, 2021 (March 11, 2021) by Mark Dolan in Newsletter Archive
Issue 123: API vulnerabilities VMWare vCenter and Facebook, mismatch between JSON parsers, API security fixes in VS Code Posted on March 4, 2021 (March 4, 2021) by Mark Dolan in Newsletter Archive
Issue 122: API issues at Clubhouse and healthcare apps, scope-based recon, OAS v3.1.0 Posted on February 25, 2021 (February 24, 2021) by Mark Dolan in Newsletter Archive
Issue 121: Vulnerability at chess.com, GraphQL security playground and checklist Posted on February 18, 2021 (February 17, 2021) by Mark Dolan in Newsletter Archive
Issue 120: Video doorbells security flaws, intro to JWT attacks, security zines Posted on February 11, 2021 (February 10, 2021) by Mark Dolan in Newsletter Archive
Issue 119: NoxPlayer supply-chain attack through a hacked API Posted on February 4, 2021 (February 5, 2021) by Mark Dolan in Newsletter Archive
Issue 118: Spring Framework ALPS, OAuth 2.0 attack mindmap, securing JWTs Posted on January 28, 2021 (January 28, 2021) by Mark Dolan in Newsletter Archive
Issue 117: Vulnerabilities in YouTube and Ring Neighbors app, OAuth Mix-Up attacks, Tamper Dev Posted on January 21, 2021 (January 21, 2021) by Mark Dolan in Newsletter Archive
Issue 116: Facebook and Parler API vulnerabilities, clairvoyance Posted on January 14, 2021 (January 15, 2021) by Mark Dolan in Newsletter Archive
Issue 115: Vulnerabilities in SolarWinds, Ledger, Outlook. New plugin for JetBrains IDEs Posted on January 7, 2021 (September 22, 2021) by Mark Dolan in Newsletter Archive
Issue 114: SolarWinds and PickPoint breaches, GitHub Code Scanning review, GraphQL security Posted on December 17, 2020 (December 17, 2020) by Mark Dolan in Newsletter Archive
Issue 113: API vulnerabilities at YouTube and 1Password, OIDC security, Assetnote Wordlists Posted on December 10, 2020 (December 10, 2020) by Mark Dolan in Newsletter Archive
Issue 112: Vulnerability in Paginator, Microsoft RESTLer, talks on API authentication and JWT security Posted on December 3, 2020 (December 2, 2020) by Mark Dolan in Newsletter Archive
Issue 111: API vulnerabilities in AWS, Tesla Backup Gateway, Twitter Posted on November 26, 2020 (November 26, 2020) by Mark Dolan in Newsletter Archive
Issue 110: API flaws in Bumble and COVID-KAYA, Forrester on API security, ASC 2020 talks Posted on November 19, 2020 (November 19, 2020) by Mark Dolan in Newsletter Archive
Issue 109: API token best practices, Dredd, IDOR hunting tips Posted on November 12, 2020 (November 11, 2020) by Mark Dolan in Newsletter Archive
Issue 108: API vulnerabilities in Thrillophilia and GitLab Posted on November 5, 2020 (November 4, 2020) by Mark Dolan in Newsletter Archive
Issue 107: Vulnerabilities in Waze, AWS, and NHS COVID-19 app, Forrester App Sec Tech Tide Posted on October 29, 2020 (October 29, 2020) by Mark Dolan in Newsletter Archive
Issue 106: API flaws at GitLab and Grindr, APICheck, API World and apidays conferences next week Posted on October 22, 2020 (October 21, 2020) by Mark Dolan in Newsletter Archive
Issue 105: API vulnerabilities in HashiCorp, Azure App Services, and Qiui adult devices Posted on October 15, 2020 (October 15, 2020) by Mark Dolan in Newsletter Archive
Issue 104: API vulnerabilities at Twitter and Grandstream, mTLS in AWS API Gateway, Application Security Podcast Posted on October 8, 2020 (October 8, 2020) by Mark Dolan in Newsletter Archive
Issue 103: API vulnerabilities at Cisco, Shopify, BrandBQ, a security guide to CORS Posted on October 1, 2020 (September 30, 2020) by Mark Dolan in Newsletter Archive
Issue 102: Vulnerabilities in Facebook and campaign apps, creating defensible APIs Posted on September 24, 2020 (October 13, 2020) by Mark Dolan in Newsletter Archive
Issue 101: Vulnerabilities in Giggle, Google Cloud Platform, SonicWall, New Relic, Tesla Posted on September 17, 2020 (September 17, 2020) by Mark Dolan in Newsletter Archive
Issue 100: API Security advice from top industry experts Posted on September 10, 2020 (September 17, 2020) by Mark Dolan in Newsletter Archive
Issue 99: API flaws in the Mercedes-Benz app and Russian inter-bank money transfer Posted on September 3, 2020 (September 2, 2020) by Mark Dolan in Newsletter Archive
Issue 98: APIs as the next frontier in cybercrime Posted on August 27, 2020 (August 27, 2020) by Mark Dolan in Newsletter Archive
Issue 97: Gym apps & home automation vulnerabilities, how to not leak API keys Posted on August 20, 2020 (August 20, 2020) by Mark Dolan in Newsletter Archive
Issue 96: Vulnerabilities at Cisco and MGM Grand Resort, tutorial on Chrome DevTools and pentesting with GraphQL Posted on August 13, 2020 (August 12, 2020) by Mark Dolan in Newsletter Archive
Issue 95: Vulnerabilities at Zoom and OkCupid, progress on OAuth 2.1, API Information Disclosure tutorial Posted on August 6, 2020 (August 6, 2020) by Mark Dolan in Newsletter Archive
Issue 94: Two-day API security training at Black Hat USA Posted on July 30, 2020 (July 30, 2020) by Mark Dolan in Newsletter Archive
Issue 93: API authentication flaw in Chingari, a guide to OAuth Authorization Code grant Posted on July 23, 2020 (July 28, 2020) by Mark Dolan in Newsletter Archive
Issue 92: APIs putting dementia patients at risk, OAuth simulators Posted on July 16, 2020 (July 15, 2020) by Mark Dolan in Newsletter Archive
Issue 91: Homograph OAuth bypass, common JWT mistakes, ReDos attacks Posted on July 9, 2020 (July 8, 2020) by Mark Dolan in Newsletter Archive
Issue 90: Twitter API data security incident, Google Analytics APIs used with skimmers Posted on July 2, 2020 (July 1, 2020) by Mark Dolan in Newsletter Archive
Issue 89: Starbucks API flaw exposes almost 100 million customer accounts Posted on June 25, 2020 (June 25, 2020) by Mark Dolan in Newsletter Archive
Issue 88: JWT pentesting, API discovery, the present and future of OpenAPI Posted on June 18, 2020 (June 17, 2020) by Mark Dolan in Newsletter Archive
Issue 87: Vulnerabilities in Digilocker, Facebook, VMware Cloud Director Posted on June 11, 2020 (June 11, 2020) by Mark Dolan in Newsletter Archive
Issue 86: Vulnerabilities in Sign in with Apple, Qatar’s COVID19 app, GitLab Posted on June 4, 2020 (June 4, 2020) by Mark Dolan in Newsletter Archive
Issue 85: Vulnerability in Google Cloud Deployment Manager, a pentester’s guide to OAuth Posted on May 28, 2020 (May 28, 2020) by Mark Dolan in Newsletter Archive
Issue 84: Unprotected APIs at Google Firebase, leaky Arkansas PUA portal Posted on May 21, 2020 (May 20, 2020) by Mark Dolan in Newsletter Archive
Issue 83: India’s COVID-19 tracing app, OAuth2 API attacks Posted on May 14, 2020 (May 14, 2020) by Mark Dolan in Newsletter Archive
Issue 82: Most common GraphQL vulnerabilities, pentesting with Insomnia Posted on May 7, 2020 (May 6, 2020) by Mark Dolan in Newsletter Archive
Issue 81: Vulnerabilities in Microsoft Teams, Auth0, smart home hubs Posted on April 30, 2020 (April 29, 2020) by Mark Dolan in Newsletter Archive
Issue 80: API vulnerabilities IBM Data Risk Manager and Cisco Unified Computing System Posted on April 23, 2020 (April 22, 2020) by Mark Dolan in Newsletter Archive
Issue 79: 1.4 million doctor records scraped using API Posted on April 16, 2020 (April 16, 2020) by Mark Dolan in Newsletter Archive
Issue 78: Vulnerabilities in WordPress Rank Math, Tapplock, and TicTocTrack Posted on April 9, 2020 (April 8, 2020) by Mark Dolan in Newsletter Archive
Issue 77: Vulnerabilities in GitLab, OAuth 2.1 draft is out Posted on April 2, 2020 (April 1, 2020) by Mark Dolan in Newsletter Archive
Issue 76: 3rd-party API leaks 8 million shopping records Posted on March 26, 2020 (March 25, 2020) by Mark Dolan in Newsletter Archive
Issue 75: 98% of IoT traffic unencrypted, API DevSecOps in Azure Pipelines Posted on March 19, 2020 (March 19, 2020) by Mark Dolan in Newsletter Archive
Issue 74: Vulnerability in Login with Facebook, API security talks Posted on March 12, 2020 (March 12, 2020) by Mark Dolan in Newsletter Archive
Issue 73: Up to 75% credential abuse attacks target APIs Posted on March 5, 2020 (March 18, 2020) by Mark Dolan in Newsletter Archive
Issue 72: Vulnerabilities in WordPress ThemeREX Addons and Voatz, Facebook postmortem, JWT talks, OpenAPI Specification 3.0.3 Posted on February 27, 2020 by Mark Dolan in Newsletter Archive
Issue 71: Vulnerabilities in SoundCloud and Lime e-scooters, NIST Microservices security strategies Posted on February 20, 2020 by Mark Dolan in Newsletter Archive
Issue 70: Vulnerabilities in Twitter, Likud, Iowa caucus apps, two API security talks Posted on February 13, 2020 (February 13, 2020) by Mark Dolan in Newsletter Archive
Issue 69: Vulnerabilities in Azure Stack and Cisco TelePresence, API fuzzing Posted on February 6, 2020 (February 6, 2020) by Mark Dolan in Newsletter Archive
Issue 68: API security in Gartner Hype Cycle, McAfee threat predictions for 2020 Posted on January 30, 2020 (January 30, 2020) by Mark Dolan in Newsletter Archive
Issue 67: RFC for OAuth 2.0 Token Exchange, JWT Webinar Posted on January 23, 2020 by Mark Dolan in Newsletter Archive
Issue 66: Vulnerabilities in TikTok and InfiniteWP Client, AppSecCali 2020 Posted on January 16, 2020 (January 16, 2020) by Mark Dolan in Newsletter Archive
Issue 65: Vulnerabilities at Siemens, Cisco, D-Link, OWASP API Security Top 10 2019 out Posted on January 9, 2020 (January 8, 2020) by Mark Dolan in Newsletter Archive
Issue 64: API Vulnerabilities in Plenty of Fish, SonyLIV, SharePoint, Facebook Posted on January 2, 2020 (December 31, 2019) by Mark Dolan in Newsletter Archive
Issue 63: Microsoft and Google dropping Basic Auth, Thinkrace exposing 47mln+ devices Posted on December 26, 2019 (December 25, 2019) by Mark Dolan in Newsletter Archive
Issue 62: Vulnerabilities in Amazon Ring Neighbors and Droom, WebSocket API security Posted on December 19, 2019 (December 19, 2019) by Mark Dolan in Newsletter Archive
Issue 61: Exposed patient records, vulnerabilities at Airtel and Kaspersky Posted on December 12, 2019 (December 11, 2019) by Mark Dolan in Newsletter Archive
Issue 60: Microsoft Azure OAuth2 Vulnerability, 5G Threat Landscape, Webinars Posted on December 5, 2019 (December 5, 2019) by Mark Dolan in Newsletter Archive
Issue 59: Vulnerabilities in Fortinet, Truecaller, Nykaa Fashion, SMA M2 smartwatch Posted on November 28, 2019 (November 26, 2019) by Mark Dolan in Newsletter Archive
Issue 58: Broken Object Level Authorization explained, plus practical tips on API security Posted on November 21, 2019 (November 21, 2019) by Mark Dolan in Newsletter Archive
Issue 57: Vulnerabilities at Facebook, Amazon Ring, and GitHub, OWASP API Security Top 10 Webinar Posted on November 14, 2019 (November 14, 2019) by Mark Dolan in Newsletter Archive
Issue 56: Common JWT Attacks, OWASP API Security Top 10 cheat sheet Posted on November 7, 2019 (December 22, 2020) by Mark Dolan in Newsletter Archive
Issue 55: Vulnerabilities in eIDAS and Cisco routers, Instagram API program locked down Posted on October 31, 2019 (October 31, 2019) by Mark Dolan in Newsletter Archive
Issue 54: API vulnerabilities in eRosary, Kubernetes, Harbor Posted on October 24, 2019 (October 23, 2019) by Mark Dolan in Newsletter Archive
Issue 53: Vulnerabilities in TwitterKit, JustDial, Voi e-scooters Posted on October 17, 2019 (October 16, 2019) by Mark Dolan in Newsletter Archive
Issue 52: NIST Zero Trust Architecture Guidelines Posted on October 10, 2019 (October 10, 2019) by Mark Dolan in Newsletter Archive
Issue 51: Gartner releases full report on API security Posted on October 3, 2019 (October 17, 2019) by Mark Dolan in Newsletter Archive
Issue 50: Harbor API vulnerability, and the dangers of CRUD APIs Posted on September 26, 2019 (October 31, 2019) by Mark Dolan in Newsletter Archive
Issue 49: Uber account takeover and the leaky Get API Posted on September 19, 2019 (September 18, 2019) by Mark Dolan in Newsletter Archive
Issue 48: Vulnerabilities at Verizon and GPS trackers, S3 bucket names leaking Posted on September 12, 2019 (September 12, 2019) by Mark Dolan in Newsletter Archive
Issue 47: Cisco and MuleSoft vulnerabilities, API World passes Posted on September 5, 2019 (September 5, 2019) by Mark Dolan in Newsletter Archive
Issue 46: Cisco and Facebook patch APIs, Solr API parameter injection Posted on August 29, 2019 (August 28, 2019) by Mark Dolan in Newsletter Archive
Issue 45: Hacked dating apps and smartlocks, “Egregious 11” cloud security issues Posted on August 22, 2019 (August 21, 2019) by Mark Dolan in Newsletter Archive
Issue 44: ACS 2019 Agenda Posted on August 15, 2019 (August 15, 2019) by Mark Dolan in Newsletter Archive
Issue 43: REST API Security Testing Posted on August 8, 2019 (August 7, 2019) by Mark Dolan in Newsletter Archive
Issue 42: HTTP Security Headers Posted on August 1, 2019 (July 31, 2019) by Mark Dolan in Newsletter Archive
Issue 41: Tinder and Axway API Vulnerability, Equifax fined Posted on July 25, 2019 (July 25, 2019) by Mark Dolan in Newsletter Archive
Issue 40: Vulnerabilities in Instagram, 7-Eleven, Zipato Posted on July 18, 2019 (July 18, 2019) by Mark Dolan in Newsletter Archive
Issue 39: Vulnerable local Zoom webservers on 4+ mln Macs Posted on July 11, 2019 (July 11, 2019) by Mark Dolan in Newsletter Archive
Issue 38: Cracked smartlocks, X-Frame-Options, standards gaining adoption Posted on July 4, 2019 (July 4, 2019) by Mark Dolan in Newsletter Archive
Issue 37: Vulnerabilities with WebLogic and OnePlus, the Black Hat API workshop, and OAuth in action Posted on June 27, 2019 (June 27, 2019) by Mark Dolan in Newsletter Archive
Issue 36: Vulnerabilities at TP-Link, Venmo, Amcrest, and GateHub Posted on June 20, 2019 (December 2, 2019) by Mark Dolan in Newsletter Archive
Issue 35: IDE support for OpenAPI Posted on June 13, 2019 (June 13, 2019) by Mark Dolan in Newsletter Archive
Issue 34: OWASP launches API Security Top 10 project Posted on June 6, 2019 (November 22, 2019) by Mark Dolan in Newsletter Archive
Issue 33: First American leaks 885 million mortgage records Posted on May 30, 2019 (May 29, 2019) by Mark Dolan in Newsletter Archive
Issue 32: WAFs missing API attacks for 86% of users Posted on May 23, 2019 (May 23, 2019) by Mark Dolan in Newsletter Archive
Issue 31: Samsung SmartThings repo token leaks, and Facebook fined for API vulnerability Posted on May 16, 2019 (May 15, 2019) by Mark Dolan in Newsletter Archive
Issue 30: 5G going to REST. Breaches in Dell, Cisco, WebLogic, DockerHub, JustDial, iLnkP2P Posted on May 9, 2019 (May 8, 2019) by Mark Dolan in Newsletter Archive
Issue 29: OAuth2 attacks, car GPS vulnerabilities, and honeypot stats Posted on May 2, 2019 (May 1, 2019) by Mark Dolan in Newsletter Archive
Issue 28: Breaches in Tchap, Shopify, and JustDial Posted on April 25, 2019 (April 24, 2019) by Mark Dolan in Newsletter Archive
Issue 27: MyCar vulnerability, serverless, IoT API security Posted on April 18, 2019 (April 17, 2019) by Mark Dolan in Newsletter Archive
Issue 26: Verizon routers patched for API vulnerability Posted on April 11, 2019 (April 10, 2019) by Mark Dolan in Newsletter Archive
Issue 25: NIST microservices guidelines, Facebook opens up to pentesting Posted on April 4, 2019 (April 10, 2019) by Mark Dolan in Newsletter Archive
Issue 24: Unprotected APIs in implants, storing API secrets Posted on March 28, 2019 (March 28, 2019) by Mark Dolan in Newsletter Archive
Issue 23: Hacking ML, AWS Gateway Security, Gartner advice to CISO Posted on March 21, 2019 (March 20, 2019) by Mark Dolan in Newsletter Archive
Issue 22: SANS SWAT list, 42Crunch Platform launch Posted on March 14, 2019 (March 13, 2019) by Mark Dolan in Newsletter Archive
Issue 21: Amazon Ring Doorbell camera hacked, open APIs coming to healthcare Posted on March 7, 2019 (March 6, 2019) by Mark Dolan in Newsletter Archive
Issue 20: Drupal APIs hacked, EU releases IoT standards Posted on February 28, 2019 (February 28, 2019) by Mark Dolan in Newsletter Archive
Issue 19: Half of Amazon’s top-selling smart devices found vulnerable Posted on February 21, 2019 (February 20, 2019) by Mark Dolan in Newsletter Archive
Issue 17: 83 percent of web traffic is API, and why query parameters are bad for secrets Posted on February 7, 2019 (February 7, 2019) by Mark Dolan in Newsletter Archive
Issue 16: DHS DNS hijacking directive, plus 5 API security rules Posted on January 31, 2019 (January 31, 2019) by Mark Dolan in Newsletter Archive
Issue 15: Fortnite hack, TLS MITM attacks, SQL injections for NoSQL Posted on January 24, 2019 (January 23, 2019) by Mark Dolan in Newsletter Archive
Issue 14: Hacked hot tubs, airlines, trading sites; JSON encoding best practices Posted on January 17, 2019 (January 16, 2019) by Mark Dolan in Newsletter Archive
Issue 13: Microsoft services and Chromecast hacks, the limitations of WAF Posted on January 10, 2019 (January 9, 2019) by Mark Dolan in Newsletter Archive
Issue 12: Car APIs leaking location, breached security cameras, regulation that helps Posted on January 3, 2019 (January 3, 2019) by Mark Dolan in Newsletter Archive
Issue 11: Mutual TLS authentication in Golang open to DoS, XSS in Google Code-in Posted on December 20, 2018 (December 20, 2018) by Mark Dolan in Newsletter Archive
Understanding Golang TLS mutual authentication DoS – CVE-2018-16875 Posted on December 19, 2018 (December 20, 2018) by Mark Dolan in Newsletter Archive
Issue 10: Unprotected Docker and Ethereum APIs, McAfee 2019 forecast Posted on December 13, 2018 (December 12, 2018) by Mark Dolan in Newsletter Archive
Issue 9: Patch your Kubernetes and security cameras, check out the Node.js security guide Posted on December 6, 2018 (December 6, 2018) by Mark Dolan in Newsletter Archive
Issue 8: USPS API broken, APIdays, ETSI downgrades TLS Posted on November 29, 2018 (November 28, 2018) by Mark Dolan in Newsletter Archive
Issue 7: OAuth attacks, vulnerabilities in drones and kids’ watches Posted on November 21, 2018 (November 21, 2018) by Mark Dolan in Newsletter Archive
Issue 6: Steam API leaks keys, and why WAF does not help DevSecOps Posted on November 15, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
Issue 5: Bad TLS client authentication, how not to use cURL, State of Software Security Posted on November 7, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
Issue 4: Remini hacked, perils of free APIs, TLS explained, ATMs & SWIFT get APIs Posted on November 1, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
Issue 3: TLS 1.3, securing JWT, US banks release a common API standard Posted on October 25, 2018 (November 15, 2018) by Mark Dolan in Newsletter Archive
Issue 2: California IoT security law, GoDaddy & AWS vulnerabilities Posted on October 18, 2018 (October 24, 2018) by Mark Dolan in Newsletter Archive
Issue 1: APIStrat, CORS, Samsung, Google, Facebook, GitLab, Apple Posted on October 11, 2018 (October 16, 2018) by Mark Dolan in Newsletter Archive

About: mark.dolan@42crunch.com

Posts by mark.dolan@42crunch.com:

Apisecurity.io is powered by:

Legal Info

Get in touch with us