New feature: Automated API Discovery from Source Code. Get Access

Akto Blogs

Akto Introduces New Usage-Based Flexible Pricing Model

Product updates

5 mins

Akto Introduces New Usage-Based Flexible Pricing Model

You can now upgrade your Akto account to our new usage-based pricing model, offering you greater flexibility and value.

Raaga Srinivas

Web Application Firewall Solutions

API Security

10 minutes

10 Best WAF Solutions

10 best Web Application Firewall (WAF) solutions that filter and monitor web traffic, blocking malicious hackers before they can attack.

Muze

RASP Solutions

API Security

10 minutes

10 Best RASP Solutions

10 Best RASP Solutions that continuously monitor software applications to Identify and protect against threats in real time.

Muze

What is Code Security

API Security

10 minutes

What is Code Security?

Code Security helps to identify and resolve security vulnerabilities in the source code, design, and architecture of software applications.

Muze

What is Vulnerability Assessment

API Security

10 minutes

What is Vulnerability Assessment?

Vulnerability Assessment is the process of identifying and ranking potential security flaws in an organization's system based on their severity.

Muze

What is Security Management

API Security

12 minutes

What is Security Management?

Security Management is the process of protecting an organization's assets from internal, external, and cyber attacks.

Muze

Akto in Gartner Hype Cycles for Application Security and APIs

News

8 mins

Akto in Gartner Hype Cycles for Application Security and APIs

Akto has been featured in 2 of Gartner’s Hype Cycle Reports - for APIs and Application Security and here’s why this matters.

Raaga Srinivas

10 Best API Gateways

API Security

12 minutes

10 Best API Gateways

An API gateway manages incoming API requests and routes them based on factors such as request path, headers, and query parameters, while concealing the internal structure of the application.

Muze

Data Protection Policy

API Security

8 minutes

Data Protection Policy: Key Components and Best Practices

A data protection policy comprises the rules and guidelines an organization follows to ensure compliance with data protection laws.

Muze

Security Champions

API Security

7 minutes

Security Champions Overview

A security champion serves as an extension of the security team and ensures that security is evenly distributed among development teams.

Muze

What is Security Debt

API Security

6 minutes

What Is Security Debt? How Does It Work?

Security debt refers to the increase in minor issues or flaws in an organization's software system, which makes it tougher for the organization to keep its information and systems safe from hackers.

Muze

Security Requirement

API Security

7 minutes

What is Security Requirement?

Security requirements illustrate the specific procedures, controls, and safeguards that protect an organization's sensitive data from cyber threats and data breaches.

Muze

App Security Features

API Security

7 minutes

7 Key Security Features Every Application Should Have

Explore the must-have features that ensure the application maintains availability, stability, integrity, and confidentiality while minimizing the risk of vulnerabilities and security threats.

Muze

Shift-left-testing

API Security

7 minutes

Shift-left Testing & How to Get Started

Shift-left testing helps quickly identify and fix bugs by integrating testing activities earlier in the software development lifecycle.

Muze

Secure SDLC

API Security

8 minutes

What is Secure SDLC?

A secure software development life cycle integrates security measures throughout the development process to address vulnerabilities and protect the organization's sensitive data.

Muze

Application Security Program

API Security

5 minutes

How to Build an Application Security Program

An Application Security Program uses various policies, procedures, and technical measures to protect the organization's software applications from potential security risks and vulnerabilities.

Muze

Security Training and Courses

API Security

9 minutes

10 Best Security Training and Courses

Explore 10 cybersecurity training courses that give learners the essential skills to identify, handle and manage threats, through flexible formats and a comprehensive curriculum.

Muze

Security Review

API Security

8 minutes

What is a Security Review? How to Conduct a Security Review?

A security review is a process that thoroughly examines the system or a software application for potential weaknesses and vulnerabilities, and improves the safety of the system.

Muze

API Security Audit

API Security

7 minutes

API Security Audit

An API Security Audit evaluates APIs, identifies potential risks, and strengthens the organization's defenses against security breaches and cyber-attacks.

Muze

NIST Cybersecurity Framework

API Security

8 minutes

NIST Cybersecurity Framework

The NIST Cybersecurity framework provides organizations with a set of standards, guidelines, and practices to develop strong cybersecurity practices for managing cybersecurity risks effectively.

Muze

OWASP Rating Methodology

API Security

6 minutes

OWASP Risk Rating Methodology

The OWASP Risk Rating Methodology assigns a rating to the identified risks by considering the likelihood of the risk and its potential impact on the organization.

Muze

Cyber Resilience Act

API Security

6 minutes

Cyber Resilience Act (CRA)

The Cyber Resilience Act ensures the safety of the organization's digital world from online dangers like hackers, including threats like SQL injection and XSS.

Muze

What is OWASP SAMM

API Security

7 minutes

What is OWASP SAMM?

OWASP SAMM (Software Assurance Maturity Model) enhances the security posture of organizations by reducing vulnerabilities and safeguarding sensitive data from cyber threats.

Muze

What is NIST 800-53

API Security

8 minutes

What is NIST 800-53? A Complete Guide to Compliance

NIST 800-53 is a framework of security and privacy controls that safeguards sensitive information and fosters a culture of security awareness in organizations.

Muze

LockBit Ransomware

API Security

6 minutes

LockBit Ransomware: Its History and How It Works

LockBit ransomware is malicious software that attackers use to encrypt files and threaten organizations with deletion or leakage of the files if they do not pay the ransom.

Muze

Trello Data Breach

API Security

3 minutes

Trello Data Breach: 15 Million Email Addresses Exposed

Trello's Data Breach exposed 15 million email addresses of users due to an unsecured API.

Muze

Twilio Data Breach

API Security

3 minutes

Twilio Data Breach: 33 Million Authy User Phone Numbers Exposed

Twilio's data breach exposed 33 million Authy user phone numbers because of an unauthenticated endpoint.

Insha

Dynamic White Box Testing

API Security

10 minutes

Dynamic White Box Testing Guide - Key Features, Levels and Examples

Dynamic White Box Testing is a strategy in which the tester is aware of the internal structure of the application under test.

Muze

DAST Black Box Testing

API Security

8 minutes

DAST Black Box Testing: Types of Black Box Testing and How It Works

Black Box Testing is a methodology where the internal workings of the system under test are unknown to the tester.

Muze

ZAP DAST

API Security

12 minutes

What is ZAP DAST: Step-by-Step Guide to Installing ZAP DAST

ZAP DAST secures your web applications during runtime from security vulnerabilities by mimicking the actions of a malicious attacker.

Muze

Github DAST

API Security

10 minutes

GitHub DAST: Key Features, Setting Up GitHub DAST, and Its Use Cases

GitHub DAST protects your web applications from security vulnerabilities by simulating attacks on them while they are running.

Muze

Burp Suite DAST

API Security

12 minutes

Burp Suite DAST Overview: How Burp Suite Operates

Burp Suite DAST protects your web applications from security vulnerabilities by simulating the actions of a malicious attacker.

Muze

Tenable DAST

API Security

12 minutes

How Tenable DAST Works and How Organizations Use It

Tenable DAST is a tool designed to protect modern applications, including those that rely on JavaScript and AJAX frameworks, from online threats.

Muze

Rapid7 DAST

API Security

10 minutes

Rapid7 DAST: Steps to Install and Configure Rapid7 DAST

Rapid7 DAST is a tool that analyzes web applications to identify potential security vulnerabilities.

Muze

Qualys DAST

API Security

10 minutes

How Does Qualys DAST Work? The Key Features of Qualys DAST

Qualys DAST is a tool that checks running applications from the outside to uncover security flaws.

Muze

What is Snyk DAST?

API Security

9 minutes

How to Use Snyk DAST? Integrating Snyk DAST into Your CI/CD Pipeline

Snyk DAST examines your applications in real time from the outside to find possible security issues.

Muze

DAST Gartner

API Security

9 minutes

DAST Gartner: How Gartner’s Magic Quadrant for DAST Works and Its Impact

DAST Gartner protects your applications from security vulnerabilities by simulating attacks in real time.

Muze

OWASP DAST

API Security

10 minutes

OWASP Dynamic Application Security Testing (DAST): Key Features, Projects, and Limitations

OWASP DAST is a tool designed to uncover security flaws in your live application by simulating external attacks.

Muze

Synopsys DAST - WhiteHat DAST

API Security

10 minutes

Synopsys DAST or WhiteHat DAST: Integrating Synopsys DAST with CI/CD Pipelines

Synopsys DAST or WhiteHat DAST secures your running web applications from potential vulnerabilities by simulating real-world attacks.

Muze

Invicti DAST

API Security

8 minutes

Invicti DAST: Configuring a Scan and How Scanning Works in Invicti DAST

Invicti DAST is a tool designed to identify security vulnerabilities in websites and web applications by simulating real-world attacks.

Muze

What is Fortify DAST?

API Security

8 minutes

The Role of Fortify DAST in Scanning and WebInspect Installation

Fortify DAST secures your deployed web applications and services from potential vulnerabilities by simulating attacks.

Muze

What is Veracode DAST?

API Security

8 minutes

Guide to Veracode DAST: Essentials, Documentation and Pricing

Veracode DAST simulates external attacks to check your web applications and APIs for security vulnerabilities.

Muze

What is Checkmarx DAST?

API Security

10 minutes

Checkmarx Dynamic Application Security Testing (DAST): How the Checkmarx DAST Scan Works

Checkmarx DAST examines your live web applications and APIs for security issues by mimicking real-world attacks.

Muze

What is GitLab DAST?

API Security

10 minutes

GitLab DAST: Template Setup, Authentication, and Step-by-Step Scanning Guide

GitLab DAST is a tool that simulates attacks on your web applications to protect them from potential security issues.

Muze

2024 Market Guide for API Protection: Akto featured by Gartner

News

8 mins

2024 Market Guide for API Protection: Akto featured by Gartner

The Gartner Market Guide on API Protection reveals top insights on the market direction and tools that you should be using in your DevSecOps pipeline.

Raaga Srinivas

May Newsletter

News

8 mins

May Product News: Akto on Hybrid SaaS, Mass Assignment Testing on GraphQL APIs, and more

This edition of Akto’s newsletter covers improvements to the API inventory dashboard, deploying Akto on a Hybrid SaaS model, and much more.

Raaga Srinivas

All User Configurations in a Single Screen

Product updates

6 mins

All User Configurations in a Single Screen

With this single screen, managing user configurations becomes more streamlined and efficient. By providing visibility into all user settings and configurations in one place, Akto empowers you to carry out API security testing more effectively and accurately.

Raaga Srinivas

[New Test] Protect Your GraphQL APIs through Mass Assignment Testing

Product updates

8 mins

[New Test] Protect Your GraphQL APIs through Mass Assignment Testing

Akto has developed a test template to secure GraphQL APIs against Mass Assignment vulnerabilities. See how to test for this using Akto’s Test Editor.

Raaga Srinivas

Deploy Akto on a Hybrid SaaS Model

Product updates

6 mins

Deploy Akto on a Hybrid SaaS Model

You can now deploy Akto on a Hybrid SaaS Model! This model allows you to take advantage of the scalability and cost-efficiency of SaaS while retaining control over specific aspects of your software environment.

Raaga Srinivas

Akto’s Spring Roadshow: A Retrospective

News

5 mins

Akto’s Spring Roadshow: A Retrospective

Akto had an incredible round of conferences, talks, and workshops in April and May! Here are some highlights from our experience.

Raaga Srinivas

April Product News: API Access Type-Based Testing, Removing Bad Endpoints, and more

News

6 mins

April Product News: API Access Type-Based Testing, Removing Bad Endpoints, and more

This edition of Akto’s newsletter covers changes to your dashboard and new tests that approach API security testing from a 360-degree view.

Raaga Srinivas

[Akto Tests] Are your Private APIs exposed to the Public?

Product updates

5 mins

Akto Tests: Are your Private APIs exposed to the Public?

Akto now lets you conduct API Security testing based on the Access Type of an API Endpoint.

Raaga Srinivas

March Newsletter

News

7 mins

March Product News: 98 New Tests, Dynamic wordlists, and more

This edition of Akto’s newsletter is packed with new features and tests that will greatly decrease your API Security testing time and increase targeted testing.

Raaga Srinivas

Swagger and Postman file import errors

Product updates

5 mins

Detailed Errors on Postman and Swagger File Import

Akto now replays APIs to automatically collect data during an import of Postman and Swagger files, and transparently displays the reason each specific API could not be replayed when an error occurs.

Raaga Srinivas

Added 98 Tests

Product updates

5 mins

Added 98 New API Security Tests across 5 OWASP categories

Akto has introduced new tests across several categories including BOLA, Broken Authentication, Unrestricted Resource Consumption, BFLA, and SSRF that you can explore with Akto’s Test Editor.

Raaga Srinivas

Improper Inventory Management

Product updates

5 mins

3 New Ways to Detect Improper API Inventory, OWASP API9:2023

Akto has introduced new features for Improper Inventory Management that let you organize your inventory with tags and recognize hidden APIs to improve your security testing.

Raaga Srinivas

Dynamic Wordlists

Product updates

5 mins

New Feature: Targeted API Security Testing with Dynamic Wordlists

Akto now uses dynamic wordlists to perform targeted API Security testing that significantly decreases test times and reduces false positives.

Raaga Srinivas

Developer best practices

Developer best practices

12 mins

Top 34 Cybersecurity Certifications to Grow Your Career

This guide provides an overview of 34 of the most popular and respected cybersecurity certifications. We have organized them by career stage and specialism, so you can easily find the ones that are most relevant to you.

Medusa

Roku Data Breach

API security breaches

6 mins

Roku Data Breach - 15,000 Customers Affected!

Roku revealed a data breach that affected more than 15,000 customers, with unauthorized purchases of hardware and streaming subscriptions.

Medusa

February Product News

News

5 mins

February Product News: Akto’s Istio Connector, Sensitive Data in URLs and more

This is the February product newsletter for Akto. This month, we launched some exciting features, including Akto’s Istio Traffic Connector, Sensitive Data Detection in URLs and more.

Raaga Srinivas

New Feature: Detect Sensitive Data in URLs with Akto

Product updates

8 mins

New Feature: Detect Sensitive Data in URLs with Akto

Akto now automates the detection of sensitive data types in URLs, using our pre-existing repository of regular expressions, so that your development teams can resolve the findings right away. See how!

Raaga Srinivas

Introducing Test Roles for Authorization Testing with Akto

Product updates

10 mins

Introducing Test Roles for Authorization Testing with Akto

In API security, authorization tests check whether the access control measures in place are working effectively. It is therefore important to test for this class of vulnerability using the authorization tokens of different ‘roles’, and you can do this with Akto.

Raaga Srinivas

SEO Poisoning

News

7 mins

FCKeditor Exploit: How Open Redirect Vulnerabilities Fuel SEO Poisoning

The attackers exploited open redirect requests associated with FCKeditor, a web text editor that used to be popular.

Medusa

NIST Cybersecurity Framework

News

8 mins

NIST Releases Version 2.0: 6 Key Features of the NIST Cybersecurity Framework 2.0

Explore the key features and effective implementation of the NIST Cybersecurity Framework 2.0. This comprehensive guide provides insights on managing cybersecurity risks in organizations of all sizes and sectors.

Ankita

Trending API 2023

Insights

6 mins

CVE-2023-35078: A Deep Dive into Protecting Your APIs from Emerging Vulnerabilities

Uncover the top API vulnerabilities and CVEs from 2023, including CVE-2023-35078, CVE-2023-23752 and CVE-2023-49103.

Medusa

Prompt Injection

API Security

5 mins

Prompt Injection Vulnerabilities in LLMs: An Overview of OWASP LLM01

Prompt injection in Large Language Models (LLMs) is a security attack technique where malicious instructions are inserted into a prompt, leading the LLM to unintentionally perform actions that may include revealing sensitive information, executing unauthorized actions, or manipulating its output.

Arjun

LLM Model Risks

API Security

6 mins

LLM Risks: Insights & Real-World Case Studies

LLM security involves protecting AI systems such as ChatGPT and Bard from risks such as biased outputs and malicious use, and maintaining privacy in their applications.

Arjun

Insecure Output Handling

API Security

7 mins

Insecure Output Handling in LLMs: Insights into OWASP LLM02

This blog covers "Insecure Output Handling", the risk that arises when content generated by an LLM is not adequately sanitized or filtered before being presented to the end user.

Arjun

Akto GenAI Security Platform

Product updates

3 mins

Introducing Akto’s GenAI Security Testing Solution

Today, we launched Akto's GenAI Security Testing solution, an automated approach that directly addresses LLM security challenges. The solution is currently in closed beta.

Ankita

January Newsletter

News

8 mins

January Newsletter: Added 70+ tests on Test Editor, Akto Developer Security Hub and more

This marks Akto's first newsletter of 2024! We’ve added 70+ Authentication and Authorization tests, making our Test Editor more versatile than ever, enabled GitHub CI/CD comments and checks, revamped our UI, and much more.

Raaga Srinivas

API Security in DevSecOps with Joe Gerber

API Security

10 mins

API Security in DevSecOps with Joe Gerber, VP AppSec Wells Fargo

On 18 January 2024, Akto hosted a webinar on API Security in DevSecOps with Joe Gerber, VP AppSec at Wells Fargo.

Raaga Srinivas

SQL Injection Cheat Sheet

API Security

6 mins

SQL Injection Cheat Sheet

A comprehensive guide to SQL Injection vulnerabilities, techniques, and examples. Learn how to exploit different databases and bypass WAF.

Medusa

Monitor Usage Metrics Akto

Product updates

5 mins

Monitor Usage Metrics and Upgrade plans from within the Akto dashboard

Users can now view all their usage metrics within the Akto dashboard. This feature also allows us to show limits as per Akto plans on the pricing page.

Raaga Srinivas

Akto and OpenAPI

Product updates

5 mins

Import OpenAPI Spec File to Akto

This blog walks you through how to import OpenAPI and Swagger spec files into Akto.

Raaga Srinivas

Cloudflare attack

API security breaches

7 mins

Cloudflare Hacked Using Auth Tokens Stolen in Okta Attack

Cloudflare's security breach highlights the importance of regular credential rotation and proactive security measures to protect against data breaches.

Medusa

SQL Injection Prevention Cheat Sheet

Vulnerabilities

8 mins

SQL Injection Prevention Cheat Sheet

This blog is a guide to best practices and techniques for preventing SQL Injection, a common web application vulnerability in which an attacker manipulates SQL queries to gain unauthorized access to a database. Learn more about SQL Injection.

Medusa

Trello Security Breach

API security breaches

5 mins

Security Data Breach: Trello API Misuse Reveals Email Links to 15M Accounts

The Trello API breach exposed email links of 15M accounts. The breach highlights the need for strong rate limiting, authentication, and security assessments to protect user data.

Medusa

Top 10 Cybersecurity Events in USA

News

5 mins

Top 10 Cybersecurity Conferences & Events for AppSec in the USA to Attend in 2024

Staying up to date in cybersecurity is crucial, and attending AppSec events helps you expand your knowledge. Here are the top 10 AppSec events in the US for 2024; stay ahead in AppSec with these must-attend events.

Medusa

Top 10 Best API Security Practices

API Security

10 mins

Top 10 API Security Best Practices You Must Implement

A comprehensive guide on the top 10 API security best practices, covering authentication, encryption, testing, and vulnerability prevention.

Medusa

OWASP Top 10 API Security Threats 2023

API Security

6 mins

Exploring the OWASP API Top 10: The Leading Security Threats of 2023

The OWASP Top 10 for API 2023 is the latest list released by the Open Web Application Security Project (OWASP). In this blog you will learn what these top 10 API vulnerabilities are and how to protect your APIs against them.

Medusa

Ivanti Secure Vulnerabilities

Vulnerabilities

5 mins

Ivanti Zero-Day: Navigating the CVE-2024-21887 and CVE-2023-46805 Vulnerabilities

Exploring the recent zero-day vulnerabilities in Ivanti Connect Secure and Policy Secure, and the recommended mitigations for affected organizations.

Medusa

Top 7 trends in API Security

Insights

15 mins

Top 7 API Security Trends to watch in 2024

In this blog, you will learn about the top 7 trends in API Security in 2024, including API Security as a core part of DevSecOps, AI-driven API Security, and more.

Ankita Gupta

Akto December newsletter

News

10 mins

December Newsletter: Akto on AWS Marketplace, Upcoming DevSecOps Webinar and more

Our December newsletter covers Akto on AWS Marketplace, and major product updates such as Jira and Swagger integration, improved SSO capabilities, and support for CosmosDB and DocumentDB.

Raaga Srinivas

Akto and Jira

Product updates

8 mins

Send your API Security findings from Akto to Jira

You can now send all your findings from Akto to Jira and tag developers to each finding.

Raaga Srinivas

APIs tagged with CVEs

Product updates

5 mins

API Vulnerabilities are now tagged with relevant API CVEs

CVE tagging provides a simple, unique identifier (CVE ID) for each vulnerability, making it easy to access and remediate issues as soon as possible. Read the blog to learn more about CVE tagging in Akto.

Raaga Srinivas

Akto Helm chart

Product updates

5 mins

Introducing Akto with Helm charts in Kubernetes

You can now deploy Akto using Helm Charts in Kubernetes. Read this blog to learn how to do it and the significance of Helm Chart deployment.

Ankita Gupta

Enhanced CI/CD test runs

Product updates

3 mins

Enhanced and Configurable CI/CD and CLI Test Runs in Akto

You can now configure test run time, view customized test results, and add severity-based deployment blocks in CI/CD and CLI testing. Read on to learn more.

Ankita Gupta

Webhook Alerts in Akto

Product updates

2 mins

Introducing Webhook Alerts: Receive real-time notifications in any app

Learn how to set custom webhook alerts in any app of your choice through Akto.

Ankita Gupta

Akto HIPAA

Announcements

5 mins

Akto is now HIPAA Compliant [Akto for HealthCare]

We are proud to announce that Akto is now HIPAA compliant!

Raaga Srinivas

November Newsletter

News

10 mins

November Newsletter: HIPAA Compliance, Akto Academy, New Community Platform

This is Akto's November newsletter blog. This month we bring to you exciting updates on our new Academy resource, community, HIPAA compliance, features, and more.

Raaga Srinivas

LinkedIn Data Breach

API security breaches

10 mins

LinkedIn Data Breach: 500 Million Users' Data on Sale Online and 2 Million Records Leaked

500 million LinkedIn profiles are being offered for sale on a well-known hacker forum, and an additional 2 million records have been leaked as a sample.

Medusa

23andMe Data Breach

API security breaches

5 mins

23andMe Data Leak: Brute Force Attack Details and Prevention

In early October 2023, the genomics and biotechnology company 23andMe faced a substantial data breach. Read on to see the attack details and prevention.

Medusa

October Newsletter, 2023

News

10 mins

October Newsletter: LLM Security Beta, API Security Roadshow and more

This blog is Akto's third monthly newsletter. Akto's API security newsletter covers the LLM Security beta program, new feature launches, and lots of exciting updates on events.

Raaga Srinivas

Akto Roadshow

Announcements

10 mins

Akto’s API and LLM Security Roadshow in October - SF, LA, Irvine and DC

Akto is doing a roadshow from October 19 to 30 in 4 cities: San Francisco, Los Angeles, Irvine and Washington DC. Join us for hands-on workshops, dinners and talks on API Security, LLM Security and DevSecOps.

Raaga Srinivas

September Newsletter

News

10 mins

September 2023 Newsletter: LLM Security Beta, Akto on G2 and more

This blog is Akto's second monthly newsletter. Akto's API security newsletter covers the beta program, new feature launches, and upcoming events.

Ankita Gupta

Introducing Akto in CLI

Product updates

5 mins

Introducing Akto CLI: You can now run Akto tests in the CLI

You can now run Akto tests directly from the Command-Line Interface (CLI). Akto tests in the CLI bring the functionality of Akto into your development workflow.

Ankita Gupta

Vulnerabilities are now tagged with CWE

Product updates

10 mins

Akto Vulnerabilities are now tagged with CWE

Developers and security teams crave a standardized frame of reference for vulnerabilities. CWE bridges the knowledge gap and provides much-needed context.

Ankita Gupta

Login via GitHub

Product updates

1 min

Login using GitHub is now available to all on-premise users

Login using GitHub is now available to all on-premise users.

Ankita Gupta

XML Injection: examples, cheatsheet and prevention

API Security

15 mins

XML injection vulnerability: Examples, cheatsheet and prevention

XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.

Medusa

Test Editor new features

Product updates

3 mins

Test Editor is now 2x more efficient: Autocomplete, syntax errors and more...

Added autocomplete, syntax error highlighting and example snippets in the YAML test editor.

Ankita Gupta

Collaborative reporting

Product updates

2 mins

First Step towards collaborative reporting: Added export findings as HTML

To improve collaboration and help security teams share findings reports with each other and with developers, we have released a feature called Export as HTML.

Ankita Gupta

August newsletter

News

2 mins

August 2023 Newsletter: New pricing, BlackHat, Test Editor and more...

This blog is the first monthly newsletter for Akto, the open source API Security tool for CI/CD. We have exciting updates to share with you, including new product features and highlights, upcoming events, and recommended readings.

Ankita Gupta

API Security podcast with Avinash

News

5 mins

Conversation with Microsoft’s Avinash Jain: Common API vulnerabilities

This blog covers the first episode of Akto's API Security podcast, in which Avinash Jain, Security at Microsoft, shares his knowledge of common API security vulnerabilities with Akto.

Raaga Srinivas

Clickjacking vulnerability

Vulnerabilities

10 mins

Clickjacking: Understanding vulnerability, attacks and prevention

Clickjacking (UI redressing) is a type of attack in which a malicious website tricks a user into clicking on something different from what they intended.

Medusa

Content Security Policy (CSP)

DevSecOps

8 mins

What is Content Security Policy (CSP)?

Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting (XSS) and other code injection attacks.

Medusa

Directory Traversal vulnerability

Vulnerabilities

8 mins

Directory Traversal: A Comprehensive Guide from Basics to Prevention

A Directory Traversal vulnerability allows an attacker to access sensitive files or execute commands on the application server.

Medusa

Akto and BlackHat

Announcements

1 min

Akto Takes Center Stage at Black Hat 2023 in Las Vegas

The Akto team will be presenting at Arsenal at Black Hat USA 2023 in Las Vegas. Come and join the team!

Akto team

Akto and DefCon

Announcements

1 min

Akto's Presentation at DEF CON 2023 in Las Vegas

The Akto team will be presenting at DEF CON USA 2023 in Las Vegas. Come and join the team!

Akto team

Akto and OWASP workshop

Announcements

2 mins

Akto's Hands-on Workshop at the Bay Area OWASP Meetup in August

Join Akto's co-founders for a hands-on API Security training event at the Bay Area OWASP meetup on August 16, 2023.

Akto team

SSTI vulnerability

Vulnerabilities

6 mins

Server-side Template Injection (SSTI): Explanation, Discovery, Exploitation, and Prevention

Server-side template injection (SSTI) is a vulnerability that can allow attackers to execute arbitrary code on the server.

Medusa

test-editor

Product updates

5 mins

Introducing Test Editor: Your playground for writing custom API security tests

Akto's test editor is the world's first personalized API security testing tool. It is a simple, fast and scalable way to test APIs for security vulnerabilities.

Ankita Gupta

IDOR Vulnerability

API security breaches

3 mins

Microsoft Teams Security Alert: IDOR Vulnerability Uncovered in Collaboration Tool

Researchers discovered an IDOR vulnerability in Microsoft Teams that lets attackers inject malware into any organization.

Medusa

API Security

8 mins

What is IDOR? Insecure direct object reference

IDOR is a type of security vulnerability caused by an application's failure to properly validate and authorize user input, leading to unauthorized actions.

Medusa

Exploring CSRF

API security breaches

9 mins

Exploring Cross-Site Request Forgery (CSRF) vulnerabilities: Still a threat!

CSRF is a type of attack that occurs when a user clicks on a malicious website, email, or other message that causes the user's web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.

Medusa

top-25-tools-for-startup

Founder stories

7 mins

Startup Tools: 25 Must-have Tools for Every Early Stage Startup Founder and Team

Learn about 25 must-have startup tools that early-stage startups can use to improve efficiency. These include internal documentation, collaboration and more.

Ankita Gupta - CEO of Akto

CORS vulnerability

API Security

9 mins

CORS Vulnerabilities: How Attackers Exploit Cross-Origin Resource Sharing to Steal API Keys

CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.

Medusa

SQL Injection

API Security

10 mins read

SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks

SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.

Medusa

akto-case-study

Customer case studies

8 mins read

Akto as an API Security Automation Case Study

API Security Automation case study using Akto by Oleg Gryb, Visa Security team

Oleg Gryb - Block

test-BOLA

API Security

6 mins read

How To Test BOLA by Parameter Pollution Using Akto

In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.

Medusa

Test-BFLA-using-Akto

API Security

8 mins read

BFLA: How to test Broken Function Level Authorization by Changing the HTTP Method Using Akto?

The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken function level authorization (BFLA) flaw in Equifax's web application.

Medusa

puppeteer-nodejs

Engineering

6 mins read

How to create your own Puppeteer-as-a-service using NodeJS and Puppeteer?

Nearly a month ago we solved a very hard problem for our product, which involved automating auth token generation for a given website involving multiple login steps.

Ayush Agarwal

AktoGPT-Secure-API

Product updates

4 min read

Introducing AktoGPT to secure APIs

This blog is about the launch of AktoGPT and how AktoGPT unleashes the power of GPT to secure APIs!

Akto team

Test mass assignment vulnerability

API Security

5 min read

Mass Assignment Vulnerability: How to Test Mass Assignment in APIs using Akto

This blog is about learning what a mass assignment vulnerability is, how to find it manually, how to test for it using Akto and finally how to prevent it.

Medusa

top-10-owasp-apisecurity-2019

API Security

10 min read

What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?

In this blog, we will compare the changes between the OWASP API Security Top 10 2019 and the OWASP API Security Top 10 2023 release candidate.

Jaydev Ahire

What-is-XSS

Vulnerabilities

10 min read

XSS: What is Cross-site scripting (XSS) and how to prevent it as a developer?

This blog will help developers understand XSS, its types, and how to discover and prevent it. XSS stands for Cross-Site Scripting, a type of vulnerability

Jaydev Ahire

bash-command-on-AWS

Engineering

2 min read

How to run bash commands on AWS EC2 instance restart?

In this blog, you will learn how to run bash commands on AWS EC2 instance restart.

Shivansh Agrawal

XML-External-entity

Vulnerabilities

8 min read

XXE: What is an XML External Entity attack (XXE attack) & how to prevent it as a developer?

XXE is a vulnerability in XML processing that attackers exploit to access sensitive data. Learn all about the XML External Entity attack and how to prevent it.

Jaydev Ahire

Prevent-SSRF

Developer best practices

7 min read

Server-Side Request Forgery: Proactive SSRF Prevention Tactics for Developers

In this blog, you will learn how to prevent Server-Side Request Forgery (SSRF) as a developer.

Jaydev Ahire

Toyota-Breach

API security breaches

4 min read

Toyota API Security Data Breach: Unprotected internal endpoint led to privilege escalation

Learn about the Toyota API security breach: an unprotected internal endpoint led to privilege escalation.

Jaydev Ahire

how-to-hire-developers

Founder stories

4 min read

Hiring Developers for Your Startup: A Guide to Building Your Early Stage Team

Learn how to hire developers in an early-stage startup, written by Akto CTO Ankush Jain.

Ankush Jain - Co-founder and CTO, Akto

Akto-burp-extension

Product updates

2 min read

Introducing Akto - Burp extension 2.0

Learn about Akto's Burp extension in this blog.

Jaydev Ahire

Akto-seed-funding

Announcements

8 min read

Akto’s $4.5M funding: What it means?

This blog is about Akto's seed funding announcement.

Ankita Gupta

Akto-open-source

Announcements

10 min read

Introducing Akto Open Source: Redefining API security

This blog is about our open source launch, why we went open source and what the future holds for Akto Open Source.

Akto team

Top-10-OWASP-API-Security

API Security

8 min read

What is Broken Object Level Authorization (BOLA)?

Broken Object Level Authorization is the most critical vulnerability in the OWASP Top 10 for APIs.

Jaydev Ahire

What-is-BUA

API Security

6 min read

Broken Authentication: What is Broken User Authentication (BUA)?

Broken User Authentication is one of the most critical vulnerabilities in the OWASP Top 10 for APIs.

Jaydev Ahire

How to test JWT-NONE Algorithm

API Security

5 min read

How to Test JWT NONE Algorithm Vulnerability?

In this blog, you will learn how to test for the JWT NONE algorithm vulnerability using Akto.

Jaydev Ahire

BOLA-Test-Case-1

API Security

6 min read

Defending Against BOLA Attacks: Testing Endpoints with Vulnerable User IDs

In this blog, you will learn how to test for Broken Object Level Authorization with weak, enumerable user IDs.

Jaydev Ahire

Bola Test Case

API Security

5 min read

Testing UUID Security: Preventing BOLA Exploitation on API Endpoints

This blog is about how to test for BOLA using an unauthorized UUID on an API endpoint.

Jaydev Ahire

Lego-marketplace-hack

API security breaches

5 min read

The Lego Hack: How Researchers discovered XSS and SSRF Vulnerabilities

Learn how researchers discovered XSS and SSRF vulnerabilities in the Lego Marketplace hack.

Jaydev Ahire

T-mobile-data-breach

API security breaches

2 min read

T-Mobile Security Breach: An In-depth Analysis of the API Attack Impacting 37 Million Customers

Learn how the T-Mobile API attack led to a data breach affecting 37 million customers.

Jaydev Ahire

Optus breach

API security breaches

4 min read

Optus Data Breach: What Happened And How Akto Can Help?

Learn how Optus, the second-largest telecommunications provider in Australia, suffered an API security breach.

Jaydev Ahire

Florida Data Breach: IDOR vulnerability

API security breaches

5 min read

Florida Data Breach: IDOR Vulnerability Exposes Tax Filers' Personal Information

An IDOR flaw led to the exposure of sensitive bank details of hundreds of Florida taxpayers, causing a significant Florida data breach and highlighting critical vulnerabilities in data security protocols.

Jaydev Ahire

Curefit-Akto-casestudy

Customer case studies

5 min read

How Curefit solved API security using Akto

In this blog, you will learn how Curefit solved API security using Akto.

Swapnil Sharma, Security engineer at CureFit

Hackerone-2022-report

Insights

3 min read

Breakdown of HackerOne 2022 Security Report: What it means for API security?

In this blog, we have analyzed the 2022 security report from HackerOne as it relates to APIs.

Ankita Gupta

how to deploy Akto in 60 seconds

Product updates

2 min read

Introducing Akto 60 seconds Deploy

Learn how to deploy Akto in 60 seconds.

Ankita Gupta

CVE-2022-23529

Vulnerabilities

3 min read

CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked)

This blog is about the CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked).

Jaydev Ahire