Proactive API Security for Modern Threats
There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead…
Category: Mix
Context is King: Using API Sessions for Security Context
There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities has…
Using the Smartest AI to Rate Other AI
Since early 2023 I’ve wanted a system that can assess how well AI does at a given task. And when I say “system”, what I…
Calculating the Long-Term Business Cost
API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can run into the hundreds of…
The cyber threat landscape part 1: Enhancing cybersecurity strategies
The world continues to witness a dramatic transformation in the cybersecurity landscape. The demand for effective, global threat intelligence intensifies as geopolitical and economic shifts…
10 practical tips for beginners
Capture The Flag (CTF) challenges are fun to play, form a powerful training ground and help drastically develop your hacking skills. CTF competitions come in…
Expanding Capabilities and Attack Surfaces
AI and APIs have a symbiotic relationship. APIs power AI by providing the necessary data and functionality, while AI enhances API security through advanced threat…
Unlocking Engagement with Employee Feedback
Since 2018, HackerOne has maintained an employee engagement survey participation rate of over 80%, with half of the surveys achieving 90% or more participation. The…
Top 4 new attack vectors in web application targets
We all like to find vulnerabilities in bug bounty programs, they get us bounties, increase our ranks on platform leaderboards and help us stay motivated…
Final Thoughts on the 2024 Election
I have some interesting thoughts going into the big day tomorrow, and I wanted to try to capture them concisely. The best overview debate (Harris…
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale
In a concerning trend, cybercriminals are leveraging DocuSign’s APIs to send fake invoices that appear strikingly authentic. Unlike traditional phishing scams that rely on deceptively…
Exploring OWASP Noir’s PassiveScan | HAHWUL
Detecting Secrets with Noir – The PassiveScan Advantage Hello, security enthusiasts! Today, we’re diving into the exciting new features of OWASP Noir v0.18, particularly focusing…