breach analysis
Bigger Organizations Have Multiple Attack Surfaces
Nowadays, protecting within the organization is table stakes, and we have to go beyond the four walls; we have to go and make sure that not only do we protect our organization, ...
The Perils of Overestimating the Security of Your APIs
In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR ...
A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)
In this article, I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure ...