Discover and read the best of Twitter Threads about #apisecurity
Most recents (4)
1/14 π We've put together an in-depth series on APIs, covering everything from fundamentals to AI APIs. Join us on this journey! #APIs #WebDevelopment #Coding
2/14 π Starting with API fundamentals, we dive into the basics that every developer should know. Get the solid foundation you need! vegibit.com/%f0%9f%93%9a-aβ¦ #APIFundamentals #BackToBasics #LearnToCode
3/14 π HTTP and RESTful APIs are key to modern web services. Learn how these technologies power the web. vegibit.com/%f0%9f%8c%90-hβ¦ #RESTfulAPIs #HTTP #WebServices
API-Security-Tipsπ΅
Old version of API tend to be more vulnerable
Saw a call to api/v3/login? Check api/v1/login exists as well It might be more vulnerable
#cybersecurity #hacking #bugbounty #bugbountytips #infosec #APIsecurity
API TIP: 1/10ππΏβ
Old version of API tend to be more vulnerable
Saw a call to api/v3/login? Check api/v1/login exists as well It might be more vulnerable
#cybersecurity #hacking #bugbounty #bugbountytips #infosec #APIsecurity
API TIP: 1/10ππΏβ
Never assume thereβs only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link; etc..
Find and test all of them for AuthN problems.
API TIP: 2/10ππΏβ
Find and test all of them for AuthN problems.
API TIP: 2/10ππΏβ
SQL Injections used to be extremely common 5-10 years ago, and you could break almost every company?
BOLA (IDOR) is the new epidemic of API security.
As a pentester, if you understand how to exploit it, your glory is guaranteed.
medium.com/@inonst/a-deepβ¦
API TIP: 3/10ππΏβ
BOLA (IDOR) is the new epidemic of API security.
As a pentester, if you understand how to exploit it, your glory is guaranteed.
medium.com/@inonst/a-deepβ¦
API TIP: 3/10ππΏβ
Hello world! From my 10 yrs as a dev working at scale and talking to 300+ security engineers, I have been meaning to share some dos-and-don'ts of API Security. π€
This is my first time posting on Twitter. Shower some love πΊ #apisecurity #securecodingpractice #devsecops
This is my first time posting on Twitter. Shower some love πΊ #apisecurity #securecodingpractice #devsecops
Starting with the most common practice - API Keys π. These are
- used for many 3rd party integrations
- given to clients to access data programatically
- for inter-service communications
It'd be awesome π if you can add more or share any bitter experiences around API keys π€
- used for many 3rd party integrations
- given to clients to access data programatically
- for inter-service communications
It'd be awesome π if you can add more or share any bitter experiences around API keys π€
0β£/9β£
API Keys aren't as secure as authentication tokens. Tokens like JWT are far stronger and have an expiration date by nature.
API Keys aren't as secure as authentication tokens. Tokens like JWT are far stronger and have an expiration date by nature.
API-Security-Tips
Old version of API tend to be more vulnerable
Saw a call to api/v3/login? Check api/v1/login exists as well It might be more vulnerable
#cybersecurity #hacking #bugbounty #bugbountytips #infosec #APIsecurity
API TIP: 1/10ππΏβ
Old version of API tend to be more vulnerable
Saw a call to api/v3/login? Check api/v1/login exists as well It might be more vulnerable
#cybersecurity #hacking #bugbounty #bugbountytips #infosec #APIsecurity
API TIP: 1/10ππΏβ
Never assume thereβs only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link; etc..
Find and test all of them for AuthN problems.
API TIP: 2/10ππΏβ
Find and test all of them for AuthN problems.
API TIP: 2/10ππΏβ
SQL Injections used to be extremely common 5-10 years ago, and you could break almost every company?
BOLA (IDOR) is the new epidemic of API security.
As a pentester, if you understand how to exploit it, your glory is guaranteed.
medium.com/@inonst/a-deepβ¦
API TIP: 3/10ππΏβ
BOLA (IDOR) is the new epidemic of API security.
As a pentester, if you understand how to exploit it, your glory is guaranteed.
medium.com/@inonst/a-deepβ¦
API TIP: 3/10ππΏβ
