WebAPI The API Security Problem (Note: If you'd like more on the OWASP API Top 10 then take a look at my Pluralsight course on OWASP Top 10: API Security Playbook [https://pluralsight.pxf.io/o2z3o]) There are many things on the internet that don’t get
Security CVSS for Dev Teams Penetration test results (hopefully) contain CVSS scores. Here are some thoughts on how a dev team should look at them.
ApiTop10 OWASP API Top 10: Broken Object Level Authorisation Understand how broken object level authorisation attacks work against an API, why they work and what the potential impact is.
Security Defending from Forced Browsing…good reasons not to just hide restricted content Secure coding to protect against forced browsing. Strong defences from forced browsing require controls such as Role Based Access. Here we explain how to mount a good defence!