Top Stories
March 31, 2023
How to Test Mass Assignment in APIs using Akto
This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.
March 24, 2023
What is Cross-site scripting (XSS) and how to prevent as a developer?
This blog will help developers to understand XSS, its types, how to discover and prevent it. XSS stands for Cross-Site Scripting, a type of vulnerability
March 17, 2023
What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?
In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.
February 27, 2023
What is XML External Entity attack (XXE attack) & How to prevent as a developer?
XXE is a vulnerability in XML processing that attackers exploit to access sensitive data. Learn all about XML External Entity attack and how to prevent it.
February 14, 2023
Introducing Akto - Burp extension 2.0
Say goodbye to tedious and time-consuming pen-testing workflows with Akto's Burp extens...
February 13, 2023
Toyota API security Breach: Unprotected internal endpoint led to privilege escalation
February 9, 2023
How to hire developers in an early stage startup?
Someone asked me this question recently and while I was giving him the answer, I thought..
February 8, 2023
How to prevent Server-Side Request Forgery (SSRF) as a developer?
Server-Side Request Forgery (SSRF) is a type of web application vulnerability that allow..
February 6, 2023
How to run bash commands on AWS EC2 instance restart?
Amazon EC2 instances are great for many kinds of workloads. Amazon provides the option to
January 31, 2023
Introducing Akto Open Source: Redefining API security
30 million devs today use APIs everyday to build beautiful software applications...
January 25, 2023
How to test JWT NONE Algorithm vulnerability?
The JWT None algorithm attack is a type of vulnerability that arises when a JWT is signed
January 23, 2023
CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked)
Unit 42 researchers have discovered a vulnerability in the widely-used JsonWebToken open..
January 20, 2023
How T-Mobile API attack led to 37 million customers' Data breach?
T-Mobile, one of the biggest names in the telecommunications industry, has suffered
January 9, 2023
What is Broken User Authentication (BUA)?
In this blog, we will explore the issue of API2:2019 Broken User Authentication and how...
January 7, 2023
The Lego Marketplace Hack: How Researchers discovered XSS and SSRF Vulnerabilities
Did you know that researchers recently uncovered some serious vulnerabilities in a...
December 28, 2022
How Curefit solved API security using Akto
Working in the field of information security for more than ten years now, I have faced...
December 22, 2022
Breakdown of HackerOne 2022 Security report: What it means for API security?
It’s year end and we have some awesome 2022 API security insights for you! HackerOne...
December 14, 2022
BOLA exploitation using unauthorized UUID on an API endpoint
A UUID (Universal Unique Identifier) is a standardized 128-bit format for identifying....
December 7, 2022
How to test for BOLA on an endpoint with weak enumerable user IDs?
An interesting test case where a weak user identifier can be used to perform a BOLA attack
December 6, 2022
How IDOR caused exposure of Florida’s tax filers’ data?
Bank account data of hundreds of taxpayers was disclosed due to an IDOR vulnerability
December 5, 2022
What is Broken Object Level Authorization (BOLA)?
Broken Object Level Authorization is the most severe API security vulnerability...
November 3, 2022
Akto’s $4.5M funding: What it means?
Super excited to announce that we have raised $4.5M seed funding!
November 2, 2022
Introducing Akto 60 seconds Deploy
Akto is on a mission to make API security journeys for security engineers and developers..
October 21, 2022
Optus Breach: What Happened And How Akto Can Help?
Optus is the second-largest telecommunications provider in Australia.