Webinar on Importance of API Documentation in API Security

Register Now

Webinar on Importance of API Documentation in API Security

Register Now

Webinar on Importance of API Documentation in API Security

Register Now

Products

Solutions

Resources

Search for API Security Tests

/

/

API Security

API Security

Prompt Injection

API Security

5 mins

Prompt Injection Vulnerabilities in LLMs: An Overview of OWASP LLM01

Prompt injection in Large Language Models (LLMs) is a security attack technique where malicious instructions are inserted into a prompt, leading the LLM to unintentionally perform actions that may include revealing sensitive information, executing unauthorized actions, or manipulating its output.

Arjun

LLM Model Risks

API Security

6 mins

LLM Risks: Insights & Real-World Case Studies

LLM security involves protecting AI systems like ChatGPT, Bard from potential risks such as biased outputs, malicious use and maintaining privacy in their applications.

Arjun

Insecure Output Handling

API Security

7 mins

Insecure Output Handling in LLMs: Insights into OWASP LLM02

This blog is about "Insecure Output Handling" that pertains to the potential risk that may arise when the content generated by an LLM is not adequately sanitized or filtered prior to being presented to the end user.

Arjun Author

Arjun

API Security in DevSecOps with Joe Gerber

API Security

10 mins

API Security in DevSecOps with Joe Gerber, VP AppSec Wells Fargo

On 18th Jan, 2024, Akto hosted a Webinar on API Security in DevSecOps with Joe Gerber, VP Appsec at Wells-Fargo.

Raaga Srinivas

Raaga Srinivas

SQL Injection Cheet Sheet

API Security

6 Mins

SQL Injection Cheat Sheet

A comprehensive guide to SQL Injection vulnerabilities, techniques, and examples. Learn how to exploit different databases and bypass WAF.

Medusa Author

Medusa

Top 10 Best API Security Practices

API Security

10 mins

# Top 10 API Security Best Practices You Must Implement

A comprehensive guide on the top 10 API security best practices, covering authentication, encryption, testing, and vulnerability prevention.

Medusa-author

Medusa

OWASP Top 10 API Security Threats 2023

API Security

6 min

Exploring the OWASP API Top 10: The Leading Security Threats of 2023

The OWASP Top 10 for API 2023 is the latest list released by the Open Web Application Security Project (OWASP). In this blog you will learn what are these top 10 API vulnerabilities and how to protect your APIs against them.

Medusa Author

Medusa

XML Injection: examples, cheatsheet and prevention

API security

15 mins

XML injection vulnerability: Examples, cheatsheet and prevention

XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.

Author Image

Medusa

API Security

8 mins

The IDOR Blueprint: A Comprehensive Guide to Identifying and Mitigating Vulnerabilities

IDOR is a type of security vulnerability that is caused by an application's failure to properly validate and authorize user input leading to unauthorized action.

Author Image

Medusa

CORS vulnerability

API Security

9 mins

CORS Vulnerabilities: How Attackers Exploit Cross-Origin Resource Sharing to Steal API Keys

CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.

Medusa

SQL Inection

API Security

10 mins read

SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks

SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.

Author Image

Medusa

test-BOLA

API Security

6 mins read

How To Test BOLA by Parameter Pollution Using Akto

In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.

Medusa

Test-BFLA-using-Akto

API Security

8 mins read

BFLA: How to test Broken Function Level Authorization by Changing the HTTP Method Using Akto?

The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken functionality level authorization (BFLA) in Equifax's web application.

Medusa

Test mass assignment vulnerability

API Security

5 min read

Mass Assignment Vulnerability: How to Test Mass Assignment in APIs using Akto

This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.

Medusa

top-10-owasp-apisecurity-2019

API Security

10 min read

What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?

In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.

Author Image

Jaydev Ahire

Top-10-OWASP-API-Security

API Security

8 min read

What is Broken Object Level Authorization (BOLA)?

Broken Object level Authorization is the most critical vulnerability in OWASP Top 10 of APIs.

Jaydev Ahire

What-is-BUA

API Security

6 min read

Broken Authentication: What is Broken User Authentication (BUA)?

Broken User Authentication is one of the most critical vulnerability in OWASP Top 10 of APIs.

Jaydev Ahire

How to test JWT-NONE Algorithm

API Security

5 min read

How to Test JWT NONE Algorithm Vulnerability?

In this blog, you will learn How to test JWT NONE Algorithm vulnerability using Akto.

Jaydev Ahire

Jaydev Ahire

BOLA-Test-Case-1

API Security

6 min read

Defending Against BOLA Attacks: Testing Endpoints with Vulnerable User IDs

In this blog you will learn how to test for Broken Object Level Authorization with weak enumerable user IDs.

Jaydev Ahire

Bola Test Case

API Security

5 min read

Testing UUID Security: Preventing BOLA Exploitation on API Endpoints

This blog is about how to test for BOLA using unauthorized UUID on an API endpoint.

Jaydev Ahire

Jaydev Ahire

Monthly product updates in your inbox. No spam.

No spam. Ever.