Akto Blogs

XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.

IDOR is a type of security vulnerability that is caused by an application's failure to properly validate and authorize user input leading to unauthorized action.

CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.

In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.

SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.

In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.

The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken functionality level authorization (BFLA) in Equifax's web application.

This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.

This blog is about how to test for BOLA using unauthorized UUID on an API endpoint.

In this blog you will learn how to test for Broken Object Level Authorization with weak enumerable user IDs.

In this blog, you will learn How to test JWT NONE Algorithm vulnerability using Akto.

Broken User Authentication is one of the most critical vulnerability in OWASP Top 10 of APIs.

Broken Object level Authorization is the most critical vulnerability in OWASP Top 10 of APIs.