Blogs

Product updates
10 mins
Akto Vulnerabilities are now tagged with CWE
Developers and security teams crave a standardized frame of reference for vulnerabilities. CWE bridges the knowledge gap and provides much-needed context.

Ankita Gupta

Product updates
1 min
Login using GitHub is now available to all On premise users

Ankita Gupta

Product updates
3 mins
Test Editor is now 2x more efficient: Autocomplete, syntax errors and more.
Added autocomplete, syntax error highlighting and example snippets to the YAML test editor.

Ankita Gupta

Product updates
2 mins
First Step towards collaborative reporting: Added export findings as HTML
In order to improve collaboration and help security teams share finding reports amongst each other and developers, we have released a feature called Export as HTML.

Ankita Gupta

API security
15 mins
XML injection vulnerability: Examples, cheatsheet and prevention
XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.

Medusa

Insights
13 mins
Top 8 DevSecOps Best Practices
This blog describes key devsecops best practices for secure software development.

Gunnar Andrews

Insights
14 mins
What is DevSecOps?: Introduction to DevSecOps, its evolution, and significance.
DevSecOps is an approach to software development that integrates security practices and controls throughout the entire development lifecycle. Learn about DevSecOps, its evolution, significance, case studies and how to assess a career in the field through this blog.

Sarvesh Kapre

News
2 mins
August 2023 Newsletter: New pricing, BlackHat, Test Editor and more.
This blog is the first monthly newsletter for Akto, open source API Security in CI/CD. We have exciting updates to share with you, including new product features and highlights, upcoming events, and recommended readings.

Ankita Gupta

News
5 mins
Conversation with Microsoft’s Avinash Jain: Common API vulnerabilities
This blog is about Akto's first episode of the API Security podcast. Avinash Jain, Security at Microsoft, shares his knowledge of common API security vulnerabilities with Akto.

Raaga Srinivas

Vulnerabilities
10 mins
Clickjacking: Understanding vulnerability, attacks and prevention
Clickjacking (UI redressing) is a type of attack where a malicious website tricks a user into clicking on something different from what they intended.

Medusa

Developer best practices
8 mins
A Developer's Deep Dive into Implementing Content Security Policy
Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting (XSS) and other code injection attacks.

Medusa

Vulnerabilities
8 mins
Mastering Directory Traversal: A Comprehensive Guide from Basics to Prevention
A directory traversal vulnerability allows an attacker to access sensitive files or execute commands on the application server.

Medusa

Announcements
2 mins
Akto's Hands-on Workshop at the Bay Area OWASP Meetup in August
Join Akto's co-founders for a hands-on API Security training event at the Bay Area OWASP meetup on August 16, 2023.

Akto team

Announcements
1 min
Akto's Presentation at Defcon 2023 in Las Vegas
Akto team will be presenting at DEFCON USA 2023 in Las Vegas. Come and join the team!

Akto team

Announcements
1 min
Akto Takes Center Stage at Black Hat 2023 in Las Vegas
Akto team will be presenting at Arsenal at Black Hat USA 2023 in Las Vegas. Come and join the team!

Akto team

Vulnerabilities
6 mins
Server-side Template Injection: Explanation, Discovery, Exploitation, and Prevention
Server-side template injection (SSTI) is a vulnerability that can allow attackers to execute arbitrary code on the server.

Medusa

Product updates
5 mins
Introducing Test Editor: Your playground for writing custom API security tests
Akto's test editor is the world's first personalized API security testing tool. It is a simple, fast and scalable way to test APIs for security vulnerabilities.

Ankita Gupta

API security breaches
3 mins
Warning: IDOR Vulnerability Found in Microsoft Teams Product
Researchers discovered an IDOR vulnerability in Microsoft Teams that lets attackers inject malware into any organization.

Medusa

API security tests
8 mins
The IDOR Blueprint: A Comprehensive Guide to Identifying and Mitigating Vulnerabilities
IDOR is a type of security vulnerability caused by an application's failure to properly validate and authorize user input, leading to unauthorized actions.

Medusa

API security tests
9 mins
Exploring Cross-Site Request Forgery (CSRF) vulnerabilities: Still a threat!
CSRF is a type of attack that occurs when a user clicks on a malicious website, email, or another message that causes the user's web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.

Medusa

Founder stories
7 mins
25 Must-have Tools for Every Early Stage Startup founder and team
Learn about 25 must-have tools that early-stage startups can use to improve efficiency. These include internal documentation, collaboration and more.

Ankita Gupta

API security tests
9 mins
Demystifying CORS Vulnerabilities: How Attackers Exploit Cross-Origin Resource Sharing to Steal API Keys
CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.

Medusa

OWASP top 10
10 min read
What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?
In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.

Jaydev Ahire

API security tests
10 mins read
Demystifying SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks
SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.

Medusa

Customer case studies
8 mins read
Akto as an API Security Automation Case Study
API Security Automation case study using Akto, by Oleg Gryb, Visa Security team.

Oleg Gryb

API security tests
6 mins read
How To Test BOLA by Parameter Pollution Using Akto
In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.

Medusa

API security tests
8 mins read
How to test Broken Function Level Authorization by Changing the HTTP Method Using Akto?
The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was the result of a vulnerability in the Apache Struts framework and broken function level authorization (BFLA) in Equifax's web application.

Medusa

Engineering
6 mins read
How to create your own Puppeteer-as-a-service using NodeJS and Puppeteer?
Nearly a month ago we solved a very hard problem for our product, which involved automating auth token generation for a given website involving multiple login steps.

Ayush Agarwal

Product updates
4 min read
Introducing AktoGPT to secure APIs
This blog is about the launch of AktoGPT and how AktoGPT uses the power of GPT to secure APIs.

Akto team

API security tests
5 min read
How to Test Mass Assignment in APIs using Akto
This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.

Medusa

Vulnerabilities
10 min read
What is Cross-site scripting (XSS) and how to prevent it as a developer?
This blog will help developers understand XSS, its types, and how to discover and prevent it. XSS stands for Cross-Site Scripting, a type of vulnerability

Jaydev Ahire

Engineering
2 min read
How to run bash commands on AWS EC2 instance restart?
In this blog, you will learn how to run bash commands on AWS EC2 instance restart.

Shivansh Agrawal

Vulnerabilities
8 min read
What is XML External Entity attack (XXE attack) & How to prevent it as a developer?
XXE is a vulnerability in XML processing that attackers exploit to access sensitive data. Learn all about XML External Entity attack and how to prevent it.

Jaydev Ahire

Developer best practices
7 min read
How to prevent Server-Side Request Forgery (SSRF) as a developer?
In this blog, you will learn how to prevent Server-Side Request Forgery (SSRF) as a developer.

Jaydev Ahire

Founder stories
4 min read
How to hire developers in an early stage startup?
Learn how to hire developers in an early-stage startup, written by Akto CTO Ankush Jain.

Ankush Jain - Co-founder and CTO, Akto

Product updates
2 min read
Introducing Akto - Burp extension 2.0
Learn about Akto's Burp extension in this blog.

Jaydev Ahire

API security breaches
4 min read
Toyota API security Breach: Unprotected internal endpoint led to privilege escalation
Learn about the Toyota API security breach, in which an unprotected internal endpoint led to privilege escalation.

Jaydev Ahire

API security tests
5 min read
BOLA exploitation using unauthorized UUID on an API endpoint
This blog is about how to test for BOLA using unauthorized UUID on an API endpoint.

Jaydev Ahire

Insights
3 min read
Breakdown of HackerOne 2022 Security report: What it means for API security?
In this blog, we have analyzed the 2022 security report from HackerOne for APIs.

Ankita Gupta

Customer case studies
5 min read
How Curefit solved API security using Akto
In this blog, you will learn how Curefit solved API security using Akto.

Swapnil Sharma, Security engineer at CureFit

API security breaches
5 min read
How IDOR caused exposure of Florida’s tax filers’ data?
Bank account data of hundreds of Florida taxpayers was disclosed due to an IDOR vulnerability.

Jaydev Ahire

API security breaches
4 min read
Optus Breach: What Happened And How Akto Can Help?
Learn how Optus, the second-largest telecommunications provider in Australia, suffered an API security breach.

Jaydev Ahire

API security tests
6 min read
How to test for BOLA on an endpoint with weak enumerable user IDs?
In this blog, you will learn how to test for Broken Object Level Authorization with weak enumerable user IDs.

Jaydev Ahire

Product updates
2 min read
Introducing Akto 60 seconds Deploy
Learn how to deploy Akto in 60 seconds.

Ankita Gupta

Announcements
10 min read
Introducing Akto Open Source: Redefining API security
This blog is about our open source launch, why we went open source and what the future holds for Akto Open Source.

Akto Team

API security tests
5 min read
How to test JWT NONE Algorithm vulnerability?
In this blog, you will learn how to test for the JWT NONE algorithm vulnerability using Akto.

Jaydev Ahire

Vulnerabilities
3 min read
CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked)
This blog is about CVE-2022-23529, an RCE vulnerability discovered in the JsonWebToken (JWT) library (since revoked).

Jaydev Ahire

Announcements
8 min read
Akto’s $4.5M funding: What it means?
This blog is about Akto's seed funding announcement.

Ankita Gupta

API security breaches
2 min read
How T-Mobile API attack led to 37 million customers' Data breach?
Learn how a T-Mobile API attack led to a data breach affecting 37 million customers.

Jaydev Ahire

API security breaches
5 min read
The Lego Marketplace Hack: How Researchers discovered XSS and SSRF Vulnerabilities
Learn how researchers discovered XSS and SSRF vulnerabilities in the Lego Marketplace.

Jaydev Ahire

OWASP top 10
6 min read
What is Broken User Authentication (BUA)?
Broken User Authentication is one of the most critical vulnerabilities in the OWASP API Security Top 10.

Jaydev Ahire

OWASP top 10
8 min read
What is Broken Object Level Authorization (BOLA)?
Broken Object Level Authorization is the most critical vulnerability in the OWASP API Security Top 10.

Jaydev Ahire