Discover and read the best of Twitter Threads about #APIsecurity

1/14 🚀 We've put together an in-depth series on APIs, covering everything from fundamentals to AI APIs. Join us on this journey! #APIs #WebDevelopment #Coding
2/14 📚 Starting with API fundamentals, we dive into the basics that every developer should know. Get the solid foundation you need! vegibit.com/%f0%9f%93%9a-a… #APIFundamentals #BackToBasics #LearnToCode
3/14 🌐 HTTP and RESTful APIs are key to modern web services. Learn how these technologies power the web. vegibit.com/%f0%9f%8c%90-h… #RESTfulAPIs #HTTP #WebServices
API-Security-Tips🌡

Old versions of APIs tend to be more vulnerable.

Saw a call to api/v3/login? Check whether api/v1/login exists as well. It might be more vulnerable.

#cybersecurity #hacking #bugbounty #bugbountytips #infosec #APIsecurity

API TIP: 1/10👇🏿✔
Never assume there's only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link; etc.

Find and test all of them for AuthN problems.

API TIP: 2/10👇🏿✔
SQL Injections used to be extremely common 5-10 years ago, and you could break almost every company?

BOLA (IDOR) is the new epidemic of API security.

As a pentester, if you understand how to exploit it, your glory is guaranteed.

medium.com/@inonst/a-deep…

API TIP: 3/10👇🏿✔
Hello world! From my 10 yrs as a dev working at scale and talking to 300+ security engineers, I have been meaning to share some dos-and-don'ts of API Security. 🤠

This is my first time posting on Twitter. Shower some love 🕺 #apisecurity #securecodingpractice #devsecops
Starting with the most common practice - API Keys 🔑. These are
- used for many 3rd party integrations
- given to clients to access data programmatically
- for inter-service communications

It'd be awesome 😃 if you can add more or share any bitter experiences around API keys 🤐
0⃣/9⃣
API Keys aren't as secure as authentication tokens. Tokens like JWT are far stronger and have an expiration date by nature.