Blogs

Developers and security teams crave a standardized frame of reference for vulnerabilities. CWE bridges the knowledge gap and provides much-needed context.

Login using GitHub is now available to all On premise users

Added autocomplete, syntax error highlighting and examples snippets in YAML test editor

In order to improve collaboration and help security teams share finding reports amongst each other and developers, we have released a feature called Export as HTML.

XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.

This blog describes key devsecops best practices for secure software development.

DevSecOps is an approach to software development that integrates security practices and controls throughout the entire development lifecycle. Learn about DevSecops, its evolution, significance, case studies and assessing a career in the field through this blog

This blog is the first monthly newsletter for Akto, open source API Security in CI/CD. We have exciting updates to share with you, including new product features and highlights, upcoming events, and recommended readings.

This blog is about Akto's first episode of the API Security podcast. Avinash Jain, Security at Microsoft shares his knowledge on common API Security vulnerabilities with Akto.

Clickjacking ( UI redressing) is a type of attack where a malicious website tricks a user into clicking on something different from what they intended

Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting (XSS) and other code injection attacks.

Directory Traversal vulnerability allows an attacker to access sensitive files or execute commands on the application server.

Join Akto's co-founders for a hands-on API Security training event at the Bay Area OWASP meetup on August 16, 2023.

Akto team will be presenting at DEFCON USA 2023 in Las Vegas. Come and join the team!

Akto team will be presenting at Arsenal at Black Hat USA 2023 in Las Vegas. Come and join the team!

Server-side template injection (SSTI) is a vulnerability that can allow attackers to execute arbitrary code on the server.

Akto's test editor is the world's first personalized API security testing tool. It is a simple, fast and scalable way to test APIs for security vulnerabilities.

Researchers discovered IDOR vulnerability in Microsoft Teams' IDOR that lets attackers inject malware into any organization.

IDOR is a type of security vulnerability that is caused by an application's failure to properly validate and authorize user input leading to unauthorized action.

CSRF is a type of attack that occurs when a user clicks on a malicious website, email, or another message that causes the user's web browser to perform an unwanted action on a trusted site on which the user is currently authenticated.

Learn about 25 must-have tools that early-stage startups can use to improve efficiency. These include internal documentation, collaboration and more..

CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.

In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.

SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.

API Security Automation case study using Akto by Oleg Greb, Visa Security team

In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.

The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken functionality level authorization (BFLA) in Equifax's web application.

Nearly a month ago we solved a very hard problem for our product, which involved automating auth token generation for a given website involving multiple login steps.

This blog is about the launch of AktoGPT launch, how AktoGPT unleashes the power of GPT to secure APIs!

This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.

This blog will help developers to understand XSS, its types, how to discover and prevent it. XSS stands for Cross-Site Scripting, a type of vulnerability

In this blog, you will learn how to run bash commands on AWS EC2 instance restart.

XXE is a vulnerability in XML processing that attackers exploit to access sensitive data. Learn all about XML External Entity attack and how to prevent it.

In this blog, you will learn how to prevent Server-Side Request Forgery (SSRF) as a developer.

Learn how to hire developers in an early stage startup, written by Akto CTO - Ankush Jain.

Learn about Akto's Burp extension in this blog.

Learn about Toyota API security Breach: Unprotected internal endpoint led to privilege escalation.

This blog is about how to test for BOLA using unauthorized UUID on an API endpoint.

In this blog, we have analyzed 2022 security report from HackerOne for APIs.

In this blog, you will learn how Curefit solved API security using Akto.

Florida tax filer's bank account data of hundreds of taxpayers were disclosed due to IDOR vulnerability

Learn how Optus, the second-largest telecommunications provider in Australia had API security breach.

In this blog you will learn how to test for Broken Object Level Authorization with weak enumerable user IDs.

Learn how to deploy Akto in 60 seconds.

This blog is about our Open source launch, why we went open source and what future holds for Akto Open Source.

In this blog, you will learn How to test JWT NONE Algorithm vulnerability using Akto.

This blog is about the CVE-2022-23529: RCE vulnerability discovered in JsonWebToken (JWT) library (Revoked).

This blog is about Akto's seed funding announcement.

Learn how How T-Mobile API attack led to 37 million customers' Data breach.

Learn how Researchers discovered XSS and SSRF Vulnerabilities in The Lego Marketplace Hack.

Broken User Authentication is one of the most critical vulnerability in OWASP Top 10 of APIs.

Broken Object level Authorization is the most critical vulnerability in OWASP Top 10 of APIs.