Issue 277: Hacking WAFs, AI benefits and risks, AI-ready with OpenAPI, Developers exposed

This week, we cover the promise and pitfalls of using AI for API security, along with newly discovered vulnerabilities in Web Application Firewalls and emerging Vibe Coding platforms. We explore strategies for building APIs optimized for AI integration, and highlight a critical vulnerability in a popular API development framework that developers should be aware of. […]


Issue 276: API discovery hype, BOLA at McDonald's, Cisco APIs exploited, input validation best practices

This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How […]


Issue 272: Volkswagen API hacked, API flaws in Instagram & TikTok, ELi attacks, Radware & Cisco API vulnerabilities

This week, we’re sharing five API vulnerability incidents that provide valuable insights into how APIs are commonly hacked and how to prevent these same vulnerabilities in your APIs. These incidents include the exposure of vehicle owner data from Volkswagen’s mobile app, enumeration vulnerabilities in Instagram and TikTok APIs, an in-depth look at expression language injection […]


Issue 259: API flaw exposes 4 million WordPress sites, API error handling bugs, a case for API First

This week, we focus on the topic of API error handling and how a REST API exposed 4 million WordPress websites to account takeover attacks. We also cover the risks and best practices for designing API error responses, and we look at an article that makes a great case for API-First. Vulnerability: 4,000,000 WordPress sites […]
