API Security Checklist
Hacking APIs: Breaking Web Application Programming Interfaces InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services
Application Programming Interfaces (APIs) are an essential component of most modern programs and applications. In fact, cloud applications and mobile applications now rely heavily on APIs because they are designed to control various elements. Many large companies have hundreds or even thousands of APIs built into their infrastructure. The number of API interfaces will only […]
API security is an undervalued but crucial aspect of information security. Some of the most common cyber attacks exploit APIs and web applications, and if organisations are to stay secure, they must test their systems to identify and eradicate weaknesses. Organisations can achieve this with API penetration tests. An ethical hacker (or ‘penetration tester’) will […]
A recent report reveals that the number of attacks on financial service APIs and web applications worldwide increased by 257%. There are more APIs in use than ever, and the average FinTech company takes advantage of hundreds if not thousands of connections in their daily operations. APIs have become a critical component of fintech but also open […]
By Paul Ducklin. JWT is short for JSON Web Token, where JSON itself is short for JavaScript Object Notation. JSON is a modernish way of representing structured data; its format is a bit like XML, and can often be used instead, but without all the opening-and-closing angle brackets to get in the way of legibility. For example, data […]
The majority of major automobile manufacturers have addressed vulnerability issues that would have given hackers access to their vehicles to perform the following activities remotely: lock the car; unlock the car; start the engine; press the horn; flash the headlights; open the trunk of certain cars made after 2012; locate the car. Flaw in SiriusXM […]
APIs are a powerful tool for organizations to build innovative products and services. Research has shown that over 90% of developers use APIs and 56% have reported that APIs help them to develop better products. However, this increase in demand means there is also an increase in risk. API security is not a new problem. […]
If you’re into web API security testing, then you know that API hacking books are a valuable resource. They can teach you new things, introduce you to new concepts around breaking web application programming and help you stay up-to-date on the latest trends in your field. That’s why I’ve put together this list of 5 […]
Our society has become increasingly dependent on technology in the past few decades, and the global pandemic accelerated this trend. What is API Security? APIs are prevalent in SaaS models and modern applications across the board. API security refers to best practices applied to aspects of these APIs to ensure they’re protected from cybercriminals. Web […]
A CISO’s mandate is to empower the business to move forward on key growth initiatives and simultaneously reduce risk. To this end, they must continuously evaluate and weigh the security ramifications of many strategic initiatives, ultimately weighing the potential impact on a company’s: • Speed to market. • Competitive advantage. • Brand reputation. By focusing […]
The OWASP Foundation recognizes this fact via the API Security Top 10 list of vulnerabilities and security risks. When we look at the list, there are six common methods of execution. Three of the issues occur due to weak access control and three to business logic abuse, with the remainder existing due to insufficient traffic management, application […]