DVAPI Walkthrough: API Penetration Testing: OWASP TOP 10 API
Welcome to the Damn Vulnerable API (DVAPI) project. This project is based on the OWASP API Top 10, 2023 Stable version, published on June…
Oct 29
Broken Object Property Level Authorization
Broken Object Property Level Authorization refers to a category of vulnerabilities that includes two main subclasses: Excessive Data…
Oct 25
API Broken Authentication leads to account take-over
Authentication is a crucial element of web API security. Web APIs employ different authentication mechanisms to ensure data…
Oct 23
Hunting Broken Object Level Authorization
Today, I am discussing BOLA, which is considered the number one vulnerability according to OWASP API.
Oct 22
Exploiting server-side parameter pollution in a REST API
To start API testing, you first need to find out as much information about the API as possible, to discover its attack surface.
Oct 21
Unauthenticated AWS IAM Principals Enumeration | Cloud Misconfiguration and Countermeasures.
Context:
Mar 13
HTTP Headers
Today I am discussing different types of HTTP headers and their categories.
Nov 12, 2021