api security

Three Excellent API Security Practices Most People Neglect

We are very much in the age of APIs. From widely-used single-purpose products like Slack to cloud-based solutions like Amazon Web Services (AWS) and Microsoft Azure, APIs are used to drive business processes in all kinds of industries, every day. For tech companies, whether you’re doing a monolithic back-end, containerized microservices, or serverless architecture, the …

Getting Started API Penetration Testing with Insomnia

In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the client for testing RESTful service APIs. Insomnia is an MIT-licensed open source alternative to Postman. Its commercial maintainer, Kong, is best known for their microservice API Gateway. Like Postman, Kong offers premium subscriptions for syncing and collaboration functionality. …

Better API Penetration Testing with Postman – Part 3

In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities. In this part, we will dig into some slightly more advanced functionality in Postman that you …

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, I posted part one, which was Three C-Words of Web App Security: …
