Upendra Mardikar

Bigger Organizations Have Multiple Attack Surfaces

Nowadays, protecting within the organization is table stakes; we have to go beyond the four walls and make sure that not only do we protect our organization, ...
Penetration test of an API

The Perils of Overestimating the Security of Your APIs

In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR ...
Vulnerable Code

A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)

In this article, I dig into the details of Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure ...
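To make the BOLA pattern concrete, here is an added example that is not part of the article above: a minimal account-lookup endpoint written two ways, plus the enumeration loop an attacker runs against it. The account IDs, user IDs, balances and function names are constructed for illustration, and the handlers are plain Python functions standing in for HTTP route handlers, so the example runs offline.

```python
"""BOLA (Broken Object Level Authorization): vulnerable lookup beside the hardened form.

Added example with constructed data; not code from the referenced article.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Account:
    account_id: str
    owner_id: str
    balance_cents: int


# Constructed sample records standing in for the API's datastore.
ACCOUNTS: Dict[str, Account] = {
    "acct-1001": Account("acct-1001", "user-alice", 125_000),
    "acct-1002": Account("acct-1002", "user-bob", 9_900),
}


class NotFound(Exception):
    """Raised when the caller may not see the object (or it does not exist)."""


def get_account_vulnerable(caller_id: str, account_id: str) -> dict:
    """Vulnerable handler: the caller is authenticated (caller_id comes from a
    verified session/token) but ownership of the requested object is never
    checked. Any logged-in user who guesses or enumerates an ID reads it."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        raise NotFound(account_id)
    return {"account_id": acct.account_id, "balance_cents": acct.balance_cents}


def is_authorized(caller_id: str, account_id: str) -> bool:
    """Object-level authorization decision, taken from the server-side record.
    The owner is never read from a client-supplied field."""
    acct = ACCOUNTS.get(account_id)
    return acct is not None and acct.owner_id == caller_id


def get_account_hardened(caller_id: str, account_id: str) -> dict:
    """Hardened handler: authorization is enforced on every object access.
    Missing and forbidden objects both surface as NotFound, so a caller cannot
    use the response difference to confirm which IDs exist (a 403/404 split
    would leak that)."""
    if not is_authorized(caller_id, account_id):
        raise NotFound(account_id)
    acct = ACCOUNTS[account_id]
    return {"account_id": acct.account_id, "balance_cents": acct.balance_cents}


def readable_ids(
    fetch: Callable[[str, str], dict], caller_id: str, candidate_ids: Iterable[str]
) -> List[str]:
    """The attacker's loop: walk candidate IDs as one user and record which ones
    the endpoint returns. Against a BOLA-vulnerable endpoint this is every ID."""
    readable = []
    for account_id in candidate_ids:
        try:
            fetch(caller_id, account_id)
        except NotFound:
            continue
        readable.append(account_id)
    return readable


if __name__ == "__main__":
    ids = list(ACCOUNTS)
    print("vulnerable, as user-bob:", readable_ids(get_account_vulnerable, "user-bob", ids))
    print("hardened,   as user-bob:", readable_ids(get_account_hardened, "user-bob", ids))
```

The check in `is_authorized` is the whole fix: it runs per request, per object, and compares against what the server already knows about the record. Checking a role ("is this user logged in?") instead of ownership is exactly the gap BOLA exploits.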