API Security

The Perils of Overestimating the Security of Your APIs

In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.

AWS WAF and CloudFront: How to Use Them Together

Security is really important. There is nothing like the gut-wrenching feeling of exposing users’ data. However, security isn’t the most exciting part of web development and is often ignored. Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users.

How to Test API Security: A Guide and Checklist

APIs are the pipes that connect various applications and (micro)services. As data flows through them, security is of utmost importance to prevent data leakage. Also, since APIs are like doors into your application, they’re the obvious entry point for attackers who want to break your system.

Top 5 Ways To Protect Against Data Exposure

Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.

Web Application Security Is Not API Security

Traditional web security was relatively easy: defend the web application like it was the Queen’s castle. With the rise of microservices, however, application security must be smarter.

Use the OWASP API Top 10 To Secure Your APIs

Think of the OWASP API Top 10 as a checklist of vulnerabilities that bad actors can use to breach your system. Here’s how to be confident in your application security.