Get Beta Access to Akto LLM Security 🚀

Join Beta now


Blogs

Vulnerabilities are now tagged with CWE

Product updates

10 mins

Akto Vulnerabilities are now tagged with CWE

Developers and security teams crave a standardized frame of reference for vulnerabilities. CWE bridges the knowledge gap and provides much-needed context.

Ankita Gupta


Product updates

1 min

Login using GitHub is now available to all On premise users



Ankita Gupta

Test Editor new features

Product updates

3 mins

Test Editor is now 2x more efficient: Autocomplete, syntax errors and more..

Added autocomplete, syntax error highlighting and example snippets in the YAML test editor.


Ankita Gupta

Collaborative reporting

Product updates

2 mins

First Step towards collaborative reporting: Added export findings as HTML

In order to improve collaboration and help security teams share finding reports amongst each other and developers, we have released a feature called Export as HTML.


Ankita Gupta

XML Injection: examples, cheatsheet and prevention

API security

15 mins

XML injection vulnerability: Examples, cheatsheet and prevention

XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.

Medusa

Top 8 best practices of devsecops

Insights

13 mins

Top 8 DevSecOps Best Practices

This blog describes key DevSecOps best practices for secure software development.


Gunnar Andrews

Insights

14 mins

What is DevSecOps?: Introduction to DevSecOps, its evolution, and significance.

DevSecOps is an approach to software development that integrates security practices and controls throughout the entire development lifecycle. Learn about DevSecOps, its evolution, significance, case studies, and how to assess a career in the field through this blog.

Sarvesh Kapre

August newsletter

News

2 mins

August 2023 Newsletter: New pricing, BlackHat, Test Editor and more..

This blog is the first monthly newsletter for Akto, open source API Security in CI/CD. We have exciting updates to share with you, including new product features and highlights, upcoming events, and recommended readings.

Ankita Gupta

News

5 mins

Conversation with Microsoft’s Avinash Jain: Common API vulnerabilities

This blog is about Akto's first episode of the API Security podcast. Avinash Jain, Security at Microsoft, shares his knowledge on common API security vulnerabilities with Akto.

Raaga Srinivas

Clickjacking vulnerability

Vulnerabilities

10 mins

Clickjacking: Understanding vulnerability, attacks and prevention

Clickjacking (UI redressing) is a type of attack where a malicious website tricks a user into clicking on something different from what they intended.

Medusa

Developer best practices

8 mins

A Developer's Deep Dive into Implementing Content Security Policy

Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting (XSS) and other code injection attacks.

Medusa

Vulnerabilities

8 mins

Mastering Directory Traversal: A Comprehensive Guide from Basics to Prevention

A Directory Traversal vulnerability allows an attacker to access sensitive files or execute commands on the application server.

Medusa

Announcements

2 mins

Akto's Hands-on Workshop at the Bay Area OWASP Meetup in August

Join Akto's co-founders for a hands-on API Security training event at the Bay Area OWASP meetup on August 16, 2023.

Akto team

Announcements

1 min

Akto's Presentation at Defcon 2023 in Las Vegas

Akto team will be presenting at DEFCON USA 2023 in Las Vegas. Come and join the team!

Akto team

Announcements

1 min

Akto Takes Center Stage at Black Hat 2023 in Las Vegas

Akto team will be presenting at Arsenal at Black Hat USA 2023 in Las Vegas. Come and join the team!

Akto team

Vulnerabilities

6 mins

Server-side Template Injection: Explanation, Discovery, Exploitation, and Prevention

Server-side template injection (SSTI) is a vulnerability that can allow attackers to execute arbitrary code on the server.

Medusa

Product updates

5 mins

Introducing Test Editor: Your playground for writing custom API security tests

Akto's test editor is the world's first personalized API security testing tool. It is a simple, fast and scalable way to test APIs for security vulnerabilities.

Ankita Gupta

API security breaches

3 mins

Warning: IDOR Vulnerability Found in Microsoft Teams Product

Researchers discovered an IDOR vulnerability in Microsoft Teams that lets attackers inject malware into any organization.

Medusa

API security tests

8 mins

The IDOR Blueprint: A Comprehensive Guide to Identifying and Mitigating Vulnerabilities

IDOR is a type of security vulnerability caused by an application's failure to properly validate and authorize user input, leading to unauthorized actions.

Medusa

Exploring CSRF

API security tests

9 mins

Exploring Cross-Site Request Forgery (CSRF) vulnerabilities: Still a threat!

CSRF is a type of attack that occurs when a user clicks on a malicious website, email, or other message that causes the user's web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.

Medusa

Founder stories

7 mins

25 Must have Tools for Every Early Stage Startup founder and team

Learn about 25 must-have tools that early-stage startups can use to improve efficiency, including tools for internal documentation, collaboration and more.

Ankita Gupta

CORS vulnerability

API security tests

9 mins

Demystifying CORS Vulnerabilities: How Attackers Exploit Cross-Origin Resource Sharing to Steal API Keys

CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.

Medusa

OWASP top 10

10 min read

What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?

In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.

Jaydev Ahire

SQL Injection

API security tests

10 mins read

Demystifying SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks

SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.

Medusa

Customer case studies

8 mins read

Akto as an API Security Automation Case Study

API Security Automation case study using Akto by Oleg Gryb, Visa Security team.

Oleg Gryb

API security tests

6 mins read

How To Test BOLA by Parameter Pollution Using Akto

In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.

Medusa

API security tests

8 mins read

How to test Broken Function Level Authorization by Changing the HTTP Method Using Akto?

The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken function level authorization (BFLA) flaw in Equifax's web application.

Medusa

Engineering

6 mins read

How to create your own Puppeteer-as-a-service using NodeJS and Puppeteer?

Nearly a month ago we solved a very hard problem for our product, which involved automating auth token generation for a given website involving multiple login steps.

Ayush Agarwal

Product updates

4 min read

Introducing AktoGPT to secure APIs

This blog is about the launch of AktoGPT and how AktoGPT uses the power of GPT to secure APIs.

Akto team

API security tests

5 min read

How to Test Mass Assignment in APIs using Akto

This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.

Medusa

Vulnerabilities

10 min read

What is Cross-site scripting (XSS) and how to prevent as a developer?

This blog will help developers understand XSS, its types, and how to discover and prevent it. XSS stands for Cross-Site Scripting, a type of vulnerability

Jaydev Ahire

Engineering

2 min read

How to run bash commands on AWS EC2 instance restart?

In this blog, you will learn how to run bash commands on AWS EC2 instance restart.

Shivansh Agrawal

Vulnerabilities

8 min read

What is XML External Entity attack (XXE attack) & How to prevent as a developer?

XXE is a vulnerability in XML processing that attackers exploit to access sensitive data. Learn all about XML External Entity attack and how to prevent it.

Jaydev Ahire

Developer best practices

7 min read

How to prevent Server-Side Request Forgery (SSRF) as a developer?

In this blog, you will learn how to prevent Server-Side Request Forgery (SSRF) as a developer.

Jaydev Ahire

Founder stories

4 min read

How to hire developers in an early stage startup?

Learn how to hire developers in an early stage startup, written by Akto CTO - Ankush Jain.

Ankush Jain - Co-founder and CTO, Akto

Product updates

2 min read

Introducing Akto - Burp extension 2.0

Learn about Akto's Burp extension in this blog.

Jaydev Ahire

API security breaches

4 min read

Toyota API security Breach: Unprotected internal endpoint led to privilege escalation

Learn about Toyota API security Breach: Unprotected internal endpoint led to privilege escalation.

Jaydev Ahire

API security tests

5 min read

BOLA exploitation using unauthorized UUID on an API endpoint

This blog is about how to test for BOLA using unauthorized UUID on an API endpoint.

Jaydev Ahire

Insights

3 min read

Breakdown of HackerOne 2022 Security report: What it means for API security?

In this blog, we have analyzed the 2022 security report from HackerOne for APIs.

Ankita Gupta

Customer case studies

5 min read

How Curefit solved API security using Akto

In this blog, you will learn how Curefit solved API security using Akto.

Swapnil Sharma, Security engineer at CureFit

API security breaches

5 min read

How IDOR caused exposure of Florida’s tax filers’ data?

Bank account data of hundreds of Florida tax filers was disclosed due to an IDOR vulnerability.

Jaydev Ahire

API security breaches

4 min read

Optus Breach: What Happened And How Akto Can Help?

Learn how Optus, the second-largest telecommunications provider in Australia, suffered an API security breach.

Jaydev Ahire

API security tests

6 min read

How to test for BOLA on an endpoint with weak enumerable user IDs?

In this blog you will learn how to test for Broken Object Level Authorization with weak enumerable user IDs.

Jaydev Ahire

Product updates

2 min read

Introducing Akto 60 seconds Deploy

Learn how to deploy Akto in 60 seconds.

Ankita Gupta

Announcements

10 min read

Introducing Akto Open Source: Redefining API security

This blog is about our open source launch, why we went open source and what the future holds for Akto Open Source.

Akto Team

API security tests

5 min read

How to test JWT NONE Algorithm vulnerability?

In this blog, you will learn how to test for the JWT NONE algorithm vulnerability using Akto.

Jaydev Ahire

Vulnerabilities

3 min read

CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked)

This blog is about the CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked).

Jaydev Ahire

Announcements

8 min read

Akto’s $4.5M funding: What it means?

This blog is about Akto's seed funding announcement.

Ankita Gupta

API security breaches

2 min read

How T-Mobile API attack led to 37 million customers' Data breach?

Learn how the T-Mobile API attack led to a data breach affecting 37 million customers.

Jaydev Ahire

API security breaches

5 min read

The Lego Marketplace Hack: How Researchers discovered XSS and SSRF Vulnerabilities

Learn how researchers discovered XSS and SSRF vulnerabilities in the Lego marketplace.

Jaydev Ahire

OWASP top 10

6 min read

What is Broken User Authentication (BUA)?

Broken User Authentication is one of the most critical vulnerabilities in the OWASP API Security Top 10.

Jaydev Ahire

OWASP top 10

8 min read

What is Broken Object Level Authorization (BOLA)?

Broken Object Level Authorization is the most critical vulnerability in the OWASP API Security Top 10.

Jaydev Ahire