app security

Subscribe for expert insights to protect your applications.

Thanks! Your subscription has been recorded.

The Perils of Overestimating the Security of Your APIs

The Perils of Overestimating the Security of Your APIs

In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.

WAF vs. RASP: A Comparison and Guide to Leveraging Both

WAF vs. RASP: A Comparison and Guide to Leveraging Both

The majority of organizations rely heavily on third-party web applications connected through APIs to generate revenue and serve customers. In many cases, these web applications contain security vulnerabilities.

Top 5 Ways To Protect Against Data Exposure

Top 5 Ways To Protect Against Data Exposure

Attackers are listening to your API chatter, finding vulnerabilities that reveal valuable (and personal) data. Here’s what developers should consider to protect against excessive data exposure.