Issue 276: API discovery hype, BOLA at McDonalds, Cisco APIs exploited, input validation best practices

This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How […]


Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps

This week, our theme is “how secure is your API security?”. We highlight two recent attacks targeting major financial platforms, along with a new industry survey that exposes significant gaps in API security practices. We also explore technical deep-dives into vulnerabilities such as JWT flaws and host header injection attacks. Plus, we share details on […]


Issue 259: API flaw exposes 4 million WordPress sites, API error handling bugs, a case for API First

This week, we focus on the topic of API error handling and how a REST API exposed 4 million WordPress websites to account takeover attacks. We also cover the risks and best practices for designing API error responses, and we look at an article that makes a great case for API-First. Vulnerability: 4,000,000 WordPress sites […]
