Snap Sec
We're the geeky defenders of the digital realm, hunting bugs and slaying vulnerabilities to keep your online assets safe.
Apr 21, 2022 7 tweets 2 min read
▶️ Secure API Lifecycle

[A Thread 🧵] 👇

#cybersecurity #infosec #appsec #Pentesting

1/ Design

Strong API security starts at the design stage: authentication, authorization and data privacy requirements are considered in full, attack surfaces are minimized, and a threat modeling activity ensures all attack surfaces are understood before implementation.
Mar 11, 2022 12 tweets 3 min read
𝗔𝘁𝘁𝗮𝗰𝗸𝗶𝗻𝗴 𝟮𝗙𝗔📲 𝗶𝗻 𝗠𝗼𝗱𝗲𝗿𝗻 𝗪𝗲𝗯 𝗔𝗽𝗽𝘀

9 Different Techniques to Bypass 2FA in WebApps.

[A Thread 🧵]

#bugbounty #bugbountytips #cybersecurity #AppSec

𝐖𝐡𝐚𝐭 𝐢𝐬 𝟐𝐅𝐀?

2FA is a security process in which users provide two different authentication factors to verify themselves. 2FA is implemented to better protect both a user’s credentials and the resources the user can access.
Feb 18, 2022 12 tweets 2 min read
10 different techniques to Find and Bypass Open Redirect Vulnerabilities in Web Application.

[A Thread 🧵]

#bugbounty #bugbountytips #cybersecurity #AppSec

[1/n]

𝐖𝐡𝐚𝐭 𝐢𝐬 𝐚𝐧 𝐎𝐩𝐞𝐧 𝐑𝐞𝐝𝐢𝐫𝐞𝐜𝐭 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲?

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way.
Jan 6, 2022 11 tweets 3 min read
8 different techniques to Bypass Rate Limits in Web Applications and APIs.

[A Thread 🧵]

#bugbounty #bugbountytips #cybersecurity #AppSec

- What is a Rate Limit?

Rate limiting is a process of limiting the number of requests a user can make to a web server in a span of time. This can be achieved by implementing IP-based or session-based rate limits on the web server.

Bypasses 👇
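Whether an IP-based or session-based limit holds up depends entirely on what the server uses as the bucket key. The block below is an added example written for this page (not Snap Sec's code or any product's implementation); the request structure, limits and traffic are constructed. It implements a sliding-window limiter and replays the same constructed login traffic through three key choices: a key that trusts `X-Forwarded-For`, a key taken from the TCP peer address, and a key bucketed on the account under attack.

```python
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    remote_addr: str                        # TCP peer address the server actually saw
    headers: dict = field(default_factory=dict)
    target_account: str = ""                # account the request acts on, e.g. login username


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = defaultdict(deque)

    def allow(self, key) -> bool:
        now = self.clock()
        hits = self._hits[key]
        while hits and now - hits[0] > self.window:   # drop timestamps outside the window
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


# --- three ways of deriving the rate-limit key ----------------------------------

def key_trust_forwarded(req: Request):
    # Weak when clients can reach the app without a trusted proxy in front of it:
    # X-Forwarded-For is client-supplied, so the attacker sends a fresh value each time.
    xff = req.headers.get("X-Forwarded-For")
    return ("ip", xff.split(",")[0].strip() if xff else req.remote_addr)


def key_socket_peer(req: Request):
    # Better: the peer address comes from the TCP connection, not from a header.
    return ("ip", req.remote_addr)


def key_target_account(req: Request):
    # For login / OTP / reset endpoints: bucket on the account being attacked, so
    # rotating source IPs does not help. Anonymous endpoints fall back to the peer IP.
    return ("acct", req.target_account) if req.target_account else ("ip", req.remote_addr)


def count_allowed(requests, key_func, limit=5, window=60.0) -> int:
    """Replay constructed requests through a fresh limiter; return how many get through."""
    t = [0.0]
    limiter = SlidingWindowLimiter(limit, window, clock=lambda: t[0])
    allowed = 0
    for req in requests:
        t[0] += 0.1                                     # all requests land inside one window
        allowed += limiter.allow(key_func(req))
    return allowed


# Constructed attack traffic: 20 login attempts against one account.
SINGLE_IP_ROTATING_XFF = [
    Request("203.0.113.7", {"X-Forwarded-For": f"10.0.0.{i}"}, target_account="victim")
    for i in range(20)
]
MANY_SOURCE_IPS = [
    Request(f"198.51.100.{i}", {}, target_account="victim") for i in range(20)
]

if __name__ == "__main__":
    for name, traffic in [("single IP, rotating XFF", SINGLE_IP_ROTATING_XFF),
                          ("20 source IPs", MANY_SOURCE_IPS)]:
        for kf in (key_trust_forwarded, key_socket_peer, key_target_account):
            print(f"{name:24s} {kf.__name__:22s} allowed {count_allowed(traffic, kf)}/20")
```

With a limit of 5 per minute, the header-trusting key lets all 20 attempts through from one IP, the peer-address key stops that but is defeated by 20 distinct source addresses, and only the per-account key caps both at 5. A real deployment combines the per-account bucket with a per-IP bucket, and accepts `X-Forwarded-For` only from a proxy whose address it has verified.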
Dec 5, 2021 8 tweets 2 min read
How to Look for "Insecure CORS Configuration" vulnerabilities.

[A thread 🧵]

#appsec #bugbounty #bugbountytips #cybersecurity

[2/n]

What is an Insecure CORS issue?

An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses, enabling attackers to perform privileged actions or retrieve potentially sensitive information.
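The misconfiguration described above is a server that echoes the request's `Origin` back in `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`. The following is an added example written for this page, not Snap Sec's or any vendor's code; the allow-list and probe origins are assumed. It shows three server-side policies (reflecting, suffix-matching, exact allow-list) and the check a tester applies to each response to decide whether a foreign origin can read credentialed responses.

```python
# Exact origins that are allowed to make credentialed cross-origin requests (assumption).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_reflect_any(origin):
    """Insecure: reflects whatever Origin arrives and allows credentials.
    Every site on the internet can now read this application's authenticated responses."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_suffix_match(origin):
    """Common half-fix: string suffix match on the company domain.
    'https://notexample.com' also ends with 'example.com', so an attacker registers that."""
    if origin and origin.endswith("example.com"):
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}


def cors_hardened(origin):
    """Exact-match allow-list. Unknown origins and the literal 'null' origin
    (sent by sandboxed iframes and some redirects) get no CORS headers at all.
    'Vary: Origin' stops a cache from serving one origin's ACAO header to another."""
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


def is_readable_with_credentials(probe_origin, response_headers) -> bool:
    """The tester's check: would a page on `probe_origin` be able to read a credentialed
    response? True when the probe origin is reflected and credentials are allowed."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    creds = response_headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    return acao == probe_origin and creds


# Constructed Origin values a tester sends; none of them should be trusted.
PROBES = [
    "https://evil.net",                   # arbitrary site
    "https://app.example.com.evil.net",   # prefix lookalike
    "https://notexample.com",             # suffix lookalike
    "null",                               # sandboxed iframe / data: URL origin
]


def exploitable_origins(policy) -> list:
    """Return the probe origins that `policy` lets read credentialed responses."""
    return [o for o in PROBES if is_readable_with_credentials(o, policy(o))]


if __name__ == "__main__":
    for p in (cors_reflect_any, cors_suffix_match, cors_hardened):
        print(f"{p.__name__:20s} exploitable from: {exploitable_origins(p)}")
```

The same `is_readable_with_credentials` check works on real responses: send the request with an `Origin` header you control and inspect the two headers in the reply. `Access-Control-Allow-Origin: *` together with credentials is rejected by browsers, so the reflected-origin pattern is the one that actually matters.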