infosec

30Days30APISecurityTests.

• https://github.com/akto-api-security/30-API-security-tests

#API #Security

GitHub - akto-api-security/30-API-security-tests: 🚀 Join us for 30days of daily API security tests. #30days30tests We've spent…

🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials he...

4.6K views18:01

infosec

🔑 KeyHacks.

• KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.

• https://github.com/streaak/keyhacks

#api #hack

Please open Telegram to view this post

VIEW IN TELEGRAM

GitHub

GitHub - streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can…

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. - streaak/keyhacks

8.0K views19:16

infosec

Photo

OWASP Top 10 API 2023.pdf

930.8 KB

🔝 OWASP API Security Top 10 2023.

• API1:2023 - Broken Object Level Authorization;
• API2:2023 - Broken Authentication;
• API3:2023 - Broken Object Property Level Authorization;
• API4:2023 - Unrestricted Resource Consumption;
• API5:2023 - Broken Function Level Authorization;
• API6:2023 - Unrestricted Access to Sensitive Business Flows;
• API7:2023 - Server Side Request Forgery;
• API8:2023 - Security Misconfiguration;
• API9:2023 - Improper Inventory Management;
• API10:2023 - Unsafe Consumption of APIs.

➡

https://blog.devsecopsguides.com

#DevSecOps #Security #API

Please open Telegram to view this post

VIEW IN TELEGRAM

12.2K views15:33

infosec

🔒 API Security Academy.

• По ссылке ниже можно найти бесплатную коллекцию заданий, которые научат Вас атаковать и защищать приложения, использующие GraphQL.

• Академия предоставляет подробные уроки, из которых Вы узнаете о различных уязвимостях и передовых методах обеспечения защиты.

Список доступных уроков:
- Prevent Mutation Brute-Force Attacks;
- Implement Object-Level Authorization;
- Disable Debug Mode for Production;
- Combat SQL Injections;
- Limit Query Complexity;
- Implement Field-Level Authorization;
- Configure HTTP Headers for User Protection;
- Validate JSON Inputs;
- Implement Resolver-Level Authorization.

В будущем будут опубликованы и другие уроки:
- Mitigate Server Side Request Forgery;
- Implement Rate-Limiting for Bot Deterrence;
- Abort Expensive Queries for Protection;
- Configure a Secure API Gateway;
- Limit Query Batching to Safeguard Resources;
- Implement List Pagination;
- Secure Third-Party API Interactions.

#API #GraphQL

Please open Telegram to view this post

VIEW IN TELEGRAM

13.9K views13:32

infosec

👩‍💻 Awesome PowerShell.

• Большая подборка различного материала для изучения PowerShell: книги, курсы, статьи, подсказки, команды и т.д.:

- API Wrapper;
- Blogs;
- Books;
- Build Tools;
- Code and Package Repositories;
- Commandline Productivity;
- Communities;
- Data;
- Documentation Helper;
- Editors and IDEs;
- Frameworks;
- Interactive Learning;
- Logging;
- Module Development Templates;
- Package Managers;
- Parallel Processing;
- Podcasts;
- Security;
- SharePoint;
- SQL Server;
- Testing;
- Themes;
- UI;
- Videos;
- Webserver;
- Misc.

• Не забывайте про дополнительный материал, который опубликован в нашем канале:

- Коллекция примеров пошаговых сценариев администрирования систем с помощью PowerShell;
- Полезные заметки о командах PowerShell;
- Мини-курс: Windows PowerShell 5. [Часть 1], [Часть 2];
- Книга: PowerShell Security. (RU).

#PowerShell

Please open Telegram to view this post

VIEW IN TELEGRAM

9.3K views08:33

About

Blog

Apps

Platform