Akto Blogs
Product updates
5 mins
Detailed Errors on Postman and Swagger File Import
Akto now replays APIs to automatically get data during an import of Postman and Swagger files and transparently displays reasons why each specific API couldn't be replayed in the case of an error.
Raaga Srinivas
Product updates
5 mins
Added 98 New API Security Tests across 5 OWASP categories
Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.
Raaga Srinivas
Product updates
5 mins
3 New Ways to Detect Improper API Inventory, OWASP API9:2023
Akto has introduced new features related to Improper Inventory Management that allow you to organize your inventory with tags and recognize hidden APIs to better your security testing.
Raaga Srinivas
Product updates
5 mins
New Feature: Targeted API Security Testing with Dynamic Wordlists
Akto now uses dynamic wordlists to perform targeted API Security testing that significantly decreases test times and reduces false positives.
Raaga Srinivas
Developer best practices
12 mins
Top 34 Cyber security Certifications to Grow Your Career
This guide provides an overview of 34 of the most popular and respected cybersecurity certifications. We have organized them by career stage and specialism, so you can easily find the ones that are most relevant to you.
Medusa
API security breaches
6 mins
Roku Data Breach - 15000 Customers affected!
Roku revealed a data breach that affected more than 15,000 customers, whose accounts were used for unauthorized purchases of hardware and streaming subscriptions.
Medusa
News
5 mins
February Product News: Akto’s Istio Connector, Sensitive Data in URLs and more
This is the February product newsletter for Akto. This month, we launched some exciting features, including Akto’s Istio Traffic Connector, Sensitive Data Detection in URLs and more.
Raaga Srinivas
Product updates
8 mins
New Feature: Detect Sensitive Data in URLs with Akto
Akto now simplifies the process of detecting sensitive data types in URLs in an automated way from our pre-existing repository of regular expressions so that your development teams can instantly resolve the vulnerabilities. See how!
Raaga Srinivas
Product updates
10 mins
Introducing Test Roles for Authorization Testing with Akto
In API security, authorization tests check whether the access control measures in place are working effectively. It is therefore important to test for this vulnerability using the authorization tokens of different ‘roles’, and you can do this with Akto.
Raaga Srinivas
News
7 mins
FCKeditor Exploit: How Open Redirect Vulnerabilities Fuel SEO Poisoning
The attackers exploited open redirect requests associated with FCKeditor, a web text editor that used to be popular.
Medusa
News
8 Min
NIST Releases Version 2.0: 6 Key Features of NIST CyberSecurity Framework 2.0
Explore the key features and effective implementation of the NIST Cybersecurity Framework 2.0. This comprehensive guide provides insights on managing cybersecurity risks in organizations of all sizes and sectors.
Ankita
Insights
6 mins
CVE-2023-35078: A Deep Dive into Protecting Your APIs from Emerging Vulnerabilities
Uncover top API vulnerabilities and CVEs from 2023 including CVE-2023-35078, CVE-2023-23752 and CVE-2023-49103.
Medusa
API Security
5 mins
Prompt Injection Vulnerabilities in LLMs: An Overview of OWASP LLM01
Prompt injection in Large Language Models (LLMs) is a security attack technique where malicious instructions are inserted into a prompt, leading the LLM to unintentionally perform actions that may include revealing sensitive information, executing unauthorized actions, or manipulating its output.
Arjun
API Security
6 mins
LLM Risks: Insights & Real-World Case Studies
LLM security involves protecting AI systems like ChatGPT and Bard from risks such as biased outputs and malicious use, and maintaining privacy in their applications.
Arjun
API Security
7 mins
Insecure Output Handling in LLMs: Insights into OWASP LLM02
This blog is about "Insecure Output Handling", the risk that arises when content generated by an LLM is not adequately sanitized or filtered before being presented to the end user.
Arjun
Product updates
3 Mins
Introducing Akto’s GenAI Security Testing Solution
Today, we launched Akto's GenAI Security Testing solution, an unparalleled automated approach that directly addresses LLM Security challenges. The solution is currently in closed beta.
Ankita
News
8 mins
January Newsletter: Added 70+ tests on Test Editor, Akto Developer Security Hub and more
This marks Akto's first newsletter of 2024! We’ve added 70+ Authentication and Authorization tests, making our Test Editor more versatile than ever, enabled Github CI/CD comment and checks, revamped our UI and much more.
Raaga Srinivas
API Security
10 mins
API Security in DevSecOps with Joe Gerber, VP AppSec Wells Fargo
On 18th Jan, 2024, Akto hosted a Webinar on API Security in DevSecOps with Joe Gerber, VP Appsec at Wells-Fargo.
Raaga Srinivas
API Security
6 Mins
SQL Injection Cheat Sheet
A comprehensive guide to SQL Injection vulnerabilities, techniques, and examples. Learn how to exploit different databases and bypass WAF.
Medusa
Product updates
5 mins
Monitor Usage Metrics and Upgrade plans from within the Akto dashboard
Users can now view all their usage metrics within the Akto dashboard. This feature also allows us to show limits as per Akto plans on the pricing page.
Raaga Srinivas
Product updates
5 mins
Import Open API Spec File to Akto
This blog walks you through how to import Open API and Swagger spec files to Akto.
Raaga Srinivas
API security breaches
7 Mins
Cloudflare Hacked Using Auth Tokens Stolen in Okta Attack
Cloudflare's security breach highlights the importance of regular credential rotations and proactive security measures to protect against data breaches.
Medusa
Vulnerabilities
8 Mins
SQL Injection Prevention Cheat Sheet
This blog is a guide that provides best practices and techniques for preventing SQL Injection, which is a common web application vulnerability where an attacker can manipulate SQL queries in order to gain unauthorized access to a database. Learn more about SQL Injection.
Medusa
API security breaches
5 Mins
Security Data Breach: Trello API Misuse Reveals Email Links to 15M Accounts
The Trello API breach exposed email links of 15M accounts. The breach highlights the need for strong rate limiting, authentication, and security assessments to protect user data.
Medusa
News
5 Mins
Top 10 Cyber Security Conference & Events for Appsec in USA to Attend in 2024
Staying updated in cybersecurity is crucial. Attending Appsec cybersecurity events can help you expand your knowledge. Here are the top 10 Appsec events in the US for 2024. Stay ahead in Appsec with these must-attend events.
Medusa
API Security
10 mins
Top 10 API Security Best Practices You Must Implement
A comprehensive guide on the top 10 API security best practices, covering authentication, encryption, testing, and vulnerability prevention.
Medusa
API Security
6 min
Exploring the OWASP API Top 10: The Leading Security Threats of 2023
The OWASP Top 10 for API 2023 is the latest list released by the Open Web Application Security Project (OWASP). In this blog you will learn what these top 10 API vulnerabilities are and how to protect your APIs against them.
Medusa
Vulnerabilities
5 Mins
Ivanti Zero-Day: Navigating CVE-2024-21887 and CVE-2023-46805 Vulnerabilities
Exploring the recent zero-day vulnerabilities in Ivanti Connect Secure and Policy Secure, and the recommended mitigations for affected organizations.
Medusa
Insights
15 mins
Top 7 API Security Trends to watch in 2024
In this blog, you will learn about the top 7 trends in API Security in 2024 - API Security as a Core Part of DevSecOps, AI driven API Security and more.
Ankita Gupta
News
10 mins
December Newsletter: Akto on AWS Marketplace, Upcoming DevSecOps Webinar and more
Our December newsletter about Akto on AWS marketplace, and major product updates such as Jira and swagger integration, improved SSO capabilities and support on CosmosDB and DocumentDB.
Raaga Srinivas
Product updates
8 mins
Send your API Security findings from Akto to Jira
You can now send all your findings from Akto to Jira and tag developers to each finding.
Raaga Srinivas
Product Updates
5 mins
API Vulnerabilities are now tagged with relevant API CVEs
CVE tagging provides a simple, unique identifier (CVE ID) for each vulnerability, making it easy to access and remediate issues as soon as possible. Read the blog to learn more about CVE tagging in Akto.
Raaga Srinivas
Product Updates
5 mins
Introducing Akto with Helm charts in Kubernetes
You can now deploy Akto using Helm Charts in Kubernetes. Read this blog to learn how to do it and the significance of Helm Chart deployment.
Ankita Gupta
Product Updates
3 mins
Enhanced and Configurable CI/CD and CLI Test runs in Akto
You can now configure test run time, view customized test results and add severity based deployment block in CI/CD and CLI testing. Read to learn more.
Ankita Gupta
Product updates
2 mins
Introducing Webhook Alerts: Receive real-time notification in any app
Learn how to set custom webhook alerts in any app of your choice through Akto.
Ankita Gupta
Announcements
5 mins
Akto is now HIPAA Compliant [Akto for HealthCare]
We are proud to announce that Akto is now HIPAA compliant!
Raaga Srinivas
News
10 mins
November Newsletter: HIPAA Compliance, Akto Academy, New Community Platform
This is Akto's November newsletter blog. This month we bring to you exciting updates on our new Academy resource, community, HIPAA compliance, features, and more.
Raaga Srinivas
API security breaches
10 mins
LinkedIn Data Breach: 500 million Users Data on sale online and 2 million records Leaked
500 million LinkedIn profiles are being offered for sale on a well-known hacker forum, and an additional 2 million records have been leaked as a sample.
Medusa
API security breaches
5 mins
23andMe Data Leak: Brute Force Attack Details and Prevention
In early October 2023, the genomics and biotechnology company 23andMe faced a substantial data breach. Read on to see the attack details and prevention.
Medusa
News
10 mins
October Newsletter: LLM Security Beta, API Security Roadshow and more
This blog is the third monthly newsletter for Akto. Akto's API security newsletter talks about LLM Security beta program, new features launches and lots of exciting updates on events.
Raaga Srinivas
Announcements
10 mins
Akto’s API and LLM Security Roadshow in October - SF, LA, Irvine and DC
Akto is doing a roadshow from October 19 to 30 in 4 cities - San Francisco, Los Angeles, Irvine and Washington DC. Join us for hands-on workshops, dinners and talks on API Security, LLM Security and DevSecOps.
Raaga Srinivas
News
10 mins
September 2023 Newsletter: LLM Security Beta, Akto on G2 and more
This blog is the second monthly newsletter for Akto. Akto's API security newsletter talks about beta program, new features launches and upcoming events.
Ankita Gupta
Product updates
5 mins
Introducing Akto CLI: You can now run Akto tests in CLI
You can now run Akto tests directly from the Command-Line Interface (CLI). Akto tests in CLI brings the functionality of Akto into your development workflow.
Ankita Gupta
Product updates
10 mins
Akto Vulnerabilities are now tagged with CWE
Developers and security teams crave a standardized frame of reference for vulnerabilities. CWE bridges the knowledge gap and provides much-needed context.
Ankita Gupta
Product updates
1 min
Login using GitHub is now available to all On premise users
Login using GitHub is now available to all On premise users
Ankita Gupta
API security
15 mins
XML injection vulnerability: Examples, cheatsheet and prevention
XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.
Medusa
Product updates
3 mins
Test Editor is now 2x more efficient: Autocomplete, syntax errors and more...
Added autocomplete, syntax error highlighting and example snippets in the YAML test editor.
Ankita Gupta
Product updates
2 mins
First Step towards collaborative reporting: Added export findings as HTML
In order to improve collaboration and help security teams share finding reports amongst each other and developers, we have released a feature called Export as HTML.
Ankita Gupta
News
2 mins
August 2023 Newsletter: New pricing, BlackHat, Test Editor and more...
This blog is the first monthly newsletter for Akto, open source API Security in CI/CD. We have exciting updates to share with you, including new product features and highlights, upcoming events, and recommended readings.
Ankita Gupta
News
5 mins
Conversation with Microsoft’s Avinash Jain: Common API vulnerabilities
This blog is about Akto's first episode of the API Security podcast. Avinash Jain, Security at Microsoft shares his knowledge on common API Security vulnerabilities with Akto.
Raaga Srinivas
Vulnerabilities
10 mins
Clickjacking: Understanding vulnerability, attacks and prevention
Clickjacking (UI redressing) is a type of attack where a malicious website tricks a user into clicking on something different from what they intended.
Medusa
DevSecOps
8 mins
A Developer's Deep Dive into Implementing Content Security Policy (CSP)
Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting (XSS) and other code injection attacks.
Medusa
Vulnerabilities
8 mins
Directory Traversal: A Comprehensive Guide from Basics to Prevention
Directory Traversal vulnerability allows an attacker to access sensitive files or execute commands on the application server.
Medusa
Announcements
1 min
Akto Takes Center Stage at Black Hat 2023 in Las Vegas
Akto team will be presenting at Arsenal at Black Hat USA 2023 in Las Vegas. Come and join the team!
Akto team
Announcements
1 min
Akto's Presentation at Defcon 2023 in Las Vegas
Akto team will be presenting at DEFCON USA 2023 in Las Vegas. Come and join the team!
Akto team
Announcements
2 mins
Akto's Hands-on Workshop at the Bay Area OWASP Meetup in August
Join Akto's co-founders for a hands-on API Security training event at the Bay Area OWASP meetup on August 16, 2023.
Akto team
Vulnerabilities
6 mins
(SSTI) Server-side Template Injection: Explanation, Discovery, Exploitation, and Prevention
Server-side template injection (SSTI) is a vulnerability that can allow attackers to execute arbitrary code on the server.
Medusa
Product updates
5 mins
Introducing Test Editor: Your playground for writing custom API security tests
Akto's test editor is the world's first personalized API security testing tool. It is a simple, fast and scalable way to test APIs for security vulnerabilities.
Ankita Gupta
API security breaches
3 mins
Microsoft Teams Security Alert: IDOR Vulnerability Uncovered in Collaboration Tool
Researchers discovered an IDOR vulnerability in Microsoft Teams that lets attackers inject malware into any organization.
Medusa
API Security
8 mins
The IDOR Blueprint: A Comprehensive Guide to Identifying and Mitigating Vulnerabilities
IDOR is a type of security vulnerability that is caused by an application's failure to properly validate and authorize user input leading to unauthorized action.
Medusa
API security breaches
9 mins
Exploring Cross-Site Request Forgery (CSRF) vulnerabilities: Still a threat!
CSRF is a type of attack that occurs when a user clicks on a malicious website, email, or another message that causes the user's web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.
Medusa
Founder stories
7 mins
Startup Tools: 25 Must have Tools for Every Early Stage Startup founder and team
Learn about 25 must-have startup tools that early-stage startups can use to improve efficiency. These include internal documentation, collaboration and more...
Ankita Gupta
API Security
9 mins
CORS Vulnerabilities: How Attackers Exploit Cross-Origin Resource Sharing to Steal API Keys
CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.
Medusa
API Security
10 mins read
SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks
SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.
Medusa
Customer case studies
8 mins read
Akto as an API Security Automation Case Study
API Security Automation case study using Akto by Oleg Gryb, Visa Security team
Oleg Gryb
API Security
6 mins read
How To Test BOLA by Parameter Pollution Using Akto
In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.
Medusa
API Security
8 mins read
BFLA: How to test Broken Function Level Authorization by Changing the HTTP Method Using Akto?
The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken function level authorization (BFLA) in Equifax's web application.
Medusa
Engineering
6 mins read
How to create your own Puppeteer-as-a-service using NodeJS and Puppeteer?
Nearly a month ago we solved a very hard problem for our product, which involved automating auth token generation for a given website involving multiple login steps.
Ayush Agarwal
Product updates
4 min read
Introducing AktoGPT to secure APIs
This blog is about the launch of AktoGPT and how AktoGPT unleashes the power of GPT to secure APIs!
Akto team
API Security
5 min read
Mass Assignment Vulnerability: How to Test Mass Assignment in APIs using Akto
This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.
Medusa
API Security
10 min read
What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?
In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.
Jaydev Ahire
Vulnerabilities
10 min read
XSS: What is Cross-site scripting (XSS) and how to prevent as a developer?
This blog will help developers to understand XSS, its types, how to discover and prevent it. XSS stands for Cross-Site Scripting, a type of vulnerability
Jaydev Ahire
Engineering
2 min read
How to run bash commands on AWS EC2 instance restart?
In this blog, you will learn how to run bash commands on AWS EC2 instance restart.
Shivansh Agrawal
Vulnerabilities
8 min read
XXE: What is XML External Entity attack (XXE attack) & How to prevent as a developer?
XXE is a vulnerability in XML processing that attackers exploit to access sensitive data. Learn all about XML External Entity attack and how to prevent it.
Jaydev Ahire
Developer best practices
7 min read
Server-Side Request Forgery: Proactive SSRF Prevention Tactics for Developers
In this blog, you will learn how to prevent Server-Side Request Forgery (SSRF) as a developer.
Jaydev Ahire
API security breaches
4 min read
Toyota API Security Data Breach: Unprotected internal endpoint led to privilege escalation
Learn about Toyota API security Breach: Unprotected internal endpoint led to privilege escalation.
Jaydev Ahire
Founder stories
4 min read
Hiring Developers for Your Startup: A Guide to Building Your Early Stage Team
Learn how to hire developers in an early stage startup, written by Akto CTO - Ankush Jain.
Ankush Jain - Co-founder and CTO, Akto
Product updates
2 min read
Introducing Akto - Burp extension 2.0
Learn about Akto's Burp extension in this blog.
Jaydev Ahire
Announcements
8 min read
Akto’s $4.5M funding: What it means?
This blog is about Akto's seed funding announcement.
Ankita Gupta
Announcements
10 min read
Introducing Akto Open Source: Redefining API security
This blog is about our Open source launch, why we went open source and what future holds for Akto Open Source.
Akto Team
API Security
8 min read
What is Broken Object Level Authorization (BOLA)?
Broken Object Level Authorization is the most critical vulnerability in the OWASP Top 10 for APIs.
Jaydev Ahire
API Security
6 min read
Broken Authentication: What is Broken User Authentication (BUA)?
Broken User Authentication is one of the most critical vulnerabilities in the OWASP Top 10 for APIs.
Jaydev Ahire
API Security
5 min read
How to Test JWT NONE Algorithm Vulnerability?
In this blog, you will learn how to test for the JWT NONE Algorithm vulnerability using Akto.
Jaydev Ahire
API Security
6 min read
Defending Against BOLA Attacks: Testing Endpoints with Vulnerable User IDs
In this blog you will learn how to test for Broken Object Level Authorization with weak enumerable user IDs.
Jaydev Ahire
API Security
5 min read
Testing UUID Security: Preventing BOLA Exploitation on API Endpoints
This blog is about how to test for BOLA using unauthorized UUID on an API endpoint.
Jaydev Ahire
API security breaches
5 min read
The Lego Hack: How Researchers discovered XSS and SSRF Vulnerabilities
Learn how Researchers discovered XSS and SSRF Vulnerabilities in The Lego Marketplace Hack.
Jaydev Ahire
API security breaches
2 min read
T-Mobile Security Breach: An In-depth Analysis of the API Attack Impacting 37 Million Customers
Learn how the T-Mobile API attack led to a data breach affecting 37 million customers.
Jaydev Ahire
API security breaches
4 min read
Optus Data Breach: What Happened And How Akto Can Help?
Learn how Optus, the second-largest telecommunications provider in Australia, suffered an API security breach.
Jaydev Ahire
API security breaches
5 min read
Florida Data Breach: IDOR Vulnerability Exposes Tax Filers' Personal Information
An IDOR flaw led to the exposure of sensitive bank details of hundreds of Florida taxpayers, causing a significant Florida data breach and highlighting critical vulnerabilities in data security protocols.
Jaydev Ahire
Customer case studies
5 min read
How Curefit solved API security using Akto
In this blog, you will learn how Curefit solved API security using Akto.
Swapnil Sharma, Security engineer at CureFit
Insights
3 min read
Breakdown of HackerOne 2022 Security Report: What it means for API security?
In this blog, we have analyzed the 2022 security report from HackerOne for APIs.
Ankita Gupta
Product updates
2 min read
Introducing Akto 60 seconds Deploy
Learn how to deploy Akto in 60 seconds.
Ankita Gupta
Vulnerabilities
3 min read
CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked)
This blog is about the CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked).
Jaydev Ahire