![Twilio Data Breach](https://framerusercontent.com/images/cRJPcVaGjAvKgabl1w6MVywhjis.png)
API Security
3 minutes
Twilio Data Breach: 33 Million Authy User Phone Numbers Exposed by Hacker
Twilio's data breach exposed 33 million Authy user phone numbers because of an unauthenticated endpoint.
![Profile Image](https://framerusercontent.com/images/UvSi4AA1fbDHTS86ZlsZXDy2Bk.png)
Insha
![Dynamic White Box Testing](https://framerusercontent.com/images/AyNqHSNc3DHedcQxYMIOJNk6iI.png)
API Security
10 minutes
Dynamic White Box Testing Guide - Key Features, Levels and Examples
Dynamic White Box Testing is a strategy in which the tester is aware of the internal structure of the application under test.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![DAST Black Box Testing](https://framerusercontent.com/images/rAbcprhvDH0VrV9ai4SMFHQf5Ss.png)
API Security
8 minutes
DAST Black Box Testing: Types of Black Box Testing and How it works
Black Box Testing is a methodology where the internal workings of the system under test are unknown to the tester.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![ZAP DAST](https://framerusercontent.com/images/viYwGKc3bywSlq36DsfHe9nCxc.png)
API Security
12 minutes
What is ZAP DAST: Step-by-Step Guide to Installing ZAP DAST
ZAP DAST secures your web applications during runtime from security vulnerabilities by mimicking the actions of a malicious attacker.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Github DAST](https://framerusercontent.com/images/7t5kiJIllzbxTH6yPYokxdsbV2E.png)
API Security
10 minutes
GitHub DAST: Key Features, Setting Up GitHub DAST, and Its Use Cases
GitHub DAST protects your web applications from security vulnerabilities by simulating attacks on them while they are running.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Burp Suite DAST](https://framerusercontent.com/images/5jU4585xQ3MrLudtC6GQ7UacdE.png)
API Security
12 minutes
Burp Suite DAST Overview: How Burp Suite Operates
Burp Suite DAST protects your web applications from security vulnerabilities by simulating the actions of a malicious attacker.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Tenable DAST](https://framerusercontent.com/images/pRI8LMpZbj8Q7ZbNJpp4TtMh9E.png)
API Security
12 minutes
How Tenable DAST Works and How Organizations Use It
Tenable DAST is a tool designed to protect modern applications, including those reliant on JavaScript and AJAX frameworks, from online threats.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Rapid7 DAST](https://framerusercontent.com/images/E7osfJLgx8Pk5IhO4Ich0FMo.png)
API Security
10 minutes
Rapid7 DAST: Steps to Install and Configure Rapid7 DAST
Rapid7 DAST is a tool that analyzes web applications to identify potential security vulnerabilities.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Qualys DAST](https://framerusercontent.com/images/DzEM9fLGSpyebill216eo4qFPQ.png)
API Security
10 minutes
How Does Qualys DAST Work? The Key Features of Qualys DAST
Qualys DAST is a tool that checks running applications from the outside to find security flaws.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![What is Snyk DAST?](https://framerusercontent.com/images/DBPadhSKaLFdwzna6gQPL22yfvw.png)
API Security
9 minutes
How to Use Snyk DAST? Integrating Snyk DAST into Your CI/CD Pipeline
Snyk DAST examines your applications in real time from the outside to find possible security issues.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![DAST Gartner](https://framerusercontent.com/images/AYosxYAgNZ4VVPnH4tnEMTdR04.png)
API Security
9 minutes
DAST Gartner: How Gartner’s Magic Quadrant for DAST Works and Its Impact
DAST Gartner protects your applications from security vulnerabilities by simulating attacks in real time.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![OWASP DAST](https://framerusercontent.com/images/ekc3rbXsz5qEZzgVyQHai39H4s.png)
API Security
10 minutes
OWASP Dynamic Application Security Testing (DAST): Key Features, Projects, and Limitations
OWASP DAST is a tool designed to uncover security flaws in your live application by simulating external attacks.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Synopsys DAST - WhiteHat DAST](https://framerusercontent.com/images/snAdc4VpC6wzEPKwM0ggeakqJc.png)
API Security
10 minutes
Synopsys DAST or WhiteHat DAST: Integrating Synopsys DAST with CI/CD Pipelines
Synopsys DAST or WhiteHat DAST secures your running web applications from potential vulnerabilities by simulating real-world attacks.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Invicti DAST](https://framerusercontent.com/images/npdAnrioqq4gFFUr4mydD5Jtc.png)
API Security
8 minutes
Invicti DAST: Configuring a Scan and How Scanning Works in Invicti DAST
Invicti DAST is a tool designed to identify security vulnerabilities in websites and web applications by simulating real-world attacks.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![What is Fortify DAST?](https://framerusercontent.com/images/SmYdAmjZfWxHcxbWMjcpKAYs.png)
API Security
8 minutes
The Role of Fortify DAST in Scanning and WebInspect Installation
Fortify DAST secures your deployed web applications and services from potential vulnerabilities by simulating attacks.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![What is Veracode DAST?](https://framerusercontent.com/images/g2neb5dMM7gq7LfBK4j3iauBCL0.png)
API Security
8 minutes
Guide to Veracode DAST: Essentials, Documentation and Pricing
Veracode DAST simulates external attacks to check your web applications and APIs for security vulnerabilities.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![What is Checkmarx DAST?](https://framerusercontent.com/images/0FSBUez7ZPztrVQX1Mj8Mjh3BnQ.png)
API Security
10 minutes
Checkmarx Dynamic Application Security Testing (DAST): How the Checkmarx DAST Scan Works
Checkmarx DAST examines your live web applications and APIs for security issues by mimicking real-world attacks.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![What is GitLab DAST?](https://framerusercontent.com/images/VukHtHIsXy9EaTYnb3YqMiMRJ8.png)
API Security
10 minutes
GitLab DAST: Template Setup, Authentication, and Step-by-Step Scanning Guide
GitLab DAST is a tool that simulates attacks on your web applications to protect them from potential security issues.
![Profile Image](https://framerusercontent.com/images/wk5Es2fJzokFf1LlpwuZFM2B9w.png)
Muzammil Hasan
![Prompt Injection](https://framerusercontent.com/images/shOjLYJo8u4O3EFuWg2UIh03Y.png)
API Security
5 mins
Prompt Injection Vulnerabilities in LLMs: An Overview of OWASP LLM01
Prompt injection in Large Language Models (LLMs) is a security attack technique where malicious instructions are inserted into a prompt, leading the LLM to unintentionally perform actions that may include revealing sensitive information, executing unauthorized actions, or manipulating its output.
![](https://framerusercontent.com/images/jv4rF2PvgmnfolgAWk6cS6GBBU.png)
Arjun
![LLM Model Risks](https://framerusercontent.com/images/scdpsLQaTWG5VTTsEwc6gWHPGs.png)
API Security
6 mins
LLM Risks: Insights & Real-World Case Studies
LLM security involves protecting AI systems such as ChatGPT and Bard from risks such as biased outputs and malicious use, and maintaining privacy in their applications.
![](https://framerusercontent.com/images/jv4rF2PvgmnfolgAWk6cS6GBBU.png)
Arjun
![Insecure Output Handling](https://framerusercontent.com/images/HwceiZqkzgAeUFXIABuUtMlG4fo.png)
API Security
7 mins
Insecure Output Handling in LLMs: Insights into OWASP LLM02
This blog covers "Insecure Output Handling", the risk that arises when content generated by an LLM is not adequately sanitized or filtered before being presented to the end user.
![Arjun Author](https://framerusercontent.com/images/jv4rF2PvgmnfolgAWk6cS6GBBU.png)
Arjun
![API Security in DevSecOps with Joe Gerber](https://framerusercontent.com/images/2PVfTGxxV7LSWoQTzyktCmp1wGY.png)
API Security
10 mins
API Security in DevSecOps with Joe Gerber, VP AppSec Wells Fargo
On 18th Jan, 2024, Akto hosted a webinar on API Security in DevSecOps with Joe Gerber, VP AppSec at Wells Fargo.
![Raaga Srinivas](https://framerusercontent.com/images/8GElknIWjXLH9SHSwvxy3FdjYj8.jpeg)
Raaga Srinivas
![SQL Injection Cheat Sheet](https://framerusercontent.com/images/2hVMtAbTduS7u1Pk6yMCXHUNw.png)
API Security
6 Mins
SQL Injection Cheat Sheet
A comprehensive guide to SQL Injection vulnerabilities, techniques, and examples. Learn how to exploit different databases and bypass WAF.
![Medusa Author](https://framerusercontent.com/images/BPOXATRLJaSq7ZiElHx742kr2c.webp)
Medusa
![Top 10 Best API Security Practices](https://framerusercontent.com/images/IsAsScGjlyrBnBy1PQMQ73fpGQY.png)
API Security
10 mins
Top 10 API Security Best Practices You Must Implement
A comprehensive guide on the top 10 API security best practices, covering authentication, encryption, testing, and vulnerability prevention.
![Medusa-author](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![OWASP Top 10 API Security Threats 2023](https://framerusercontent.com/images/4q2xRj2N7ElldlbBUJ7VJuAZvo.png)
API Security
6 min
Exploring the OWASP API Top 10: The Leading Security Threats of 2023
The OWASP Top 10 for API 2023 is the latest list released by the Open Web Application Security Project (OWASP). In this blog you will learn what these top 10 API vulnerabilities are and how to protect your APIs against them.
![Medusa Author](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![XML Injection: examples, cheatsheet and prevention](https://framerusercontent.com/images/pmfceyPLJftA61ItmwCT2FygVXE.png)
API Security
15 mins
XML injection vulnerability: Examples, cheatsheet and prevention
XML Injection is a type of attack that targets web applications that generate XML content. Attackers use malicious code to exploit vulnerabilities in XML parsers to manipulate the content of an XML document.
![Author Image](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![](https://framerusercontent.com/images/yXtVI7ekXggmtlV3FPzjkRHxsUA.png)
API Security
8 mins
What is IDOR? Insecure direct object reference
IDOR is a type of security vulnerability caused by an application's failure to properly validate and authorize user input, leading to unauthorized actions.
![Author Image](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![CORS vulnerability](https://framerusercontent.com/images/7OrncGVGJxsZs4932qDB8P9lLhg.png)
API Security
9 mins
CORS Vulnerabilities: How Attackers Exploit Cross-Origin Resource Sharing to Steal API Keys
CORS is commonly used to enable web pages to interact with APIs hosted on a different domain than the web page itself.
![](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![SQL Injection](https://framerusercontent.com/images/sceMnJ51nKdfD4uYHD2wCZorPsM.png)
API Security
10 mins read
SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks
SQL Injection (SQLi) is a type of attack where an attacker injects malicious SQL code into a vulnerable application's database query.
![Author Image](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![test-BOLA](https://framerusercontent.com/images/bc5Exs2MsHkeDSgBp1BtbqAMRWc.png)
API Security
6 mins read
How To Test BOLA by Parameter Pollution Using Akto
In 2016, a security researcher discovered a vulnerability that allowed attackers to bypass Uber's two-factor authentication system and take over accounts by exploiting BOLA via parameter pollution.
![](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![Test-BFLA-using-Akto](https://framerusercontent.com/images/X7r45uoX83U4W40lnb0tQyMd7LY.png)
API Security
8 mins read
BFLA: How to test Broken Function Level Authorization by Changing the HTTP Method Using Akto?
The Equifax data breach in 2017, which exposed the personal information of 143 million individuals, was a result of a vulnerability in the Apache Struts API framework and a broken function level authorization (BFLA) in Equifax's web application.
![](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![Test mass assignment vulnerability](https://framerusercontent.com/images/f9BIVAdjxQ3V9TU2Y22qQzTAnc.png)
API Security
5 min read
Mass Assignment Vulnerability: How to Test Mass Assignment in APIs using Akto
This blog is about learning mass assignment vulnerability, how to find it manually, how to test for it using Akto and finally how to prevent it.
![](https://framerusercontent.com/images/PKmtip3OpRWpAAyFRrsi2ryTyk.png)
Medusa
![top-10-owasp-apisecurity-2019](https://framerusercontent.com/images/BztePgpfByc7RF4fPGTeoGLV3QQ.png)
API Security
10 min read
What's changed in OWASP API Security Top 10 2023 Release Candidate from 2019?
In this blog, we will compare the changes of OWASP API Security Top 10 2019 and OWASP API Security Top 10 2023 release candidate.
![Author Image](https://framerusercontent.com/images/VlJgqKnuAfp5BnUpSLDZA0VvlU.png)
Jaydev Ahire
![Top-10-OWASP-API-Security](https://framerusercontent.com/images/N410L8amP4LEdWDVVyLEB6FOJS8.png)
API Security
8 min read
What is Broken Object Level Authorization (BOLA)?
Broken Object Level Authorization is the most critical vulnerability in the OWASP API Security Top 10.
![](https://framerusercontent.com/images/VlJgqKnuAfp5BnUpSLDZA0VvlU.png)
Jaydev Ahire
![What-is-BUA](https://framerusercontent.com/images/AopOi64RAuvO3rUr4w5Up9xQgI.png)
API Security
6 min read
Broken Authentication: What is Broken User Authentication (BUA)?
Broken User Authentication is one of the most critical vulnerabilities in the OWASP API Security Top 10.
![](https://framerusercontent.com/images/VlJgqKnuAfp5BnUpSLDZA0VvlU.png)
Jaydev Ahire
![How to test JWT-NONE Algorithm](https://framerusercontent.com/images/jVsqn8wlJFuBh1S5XQdQJc8n2E.png)
API Security
5 min read
How to Test JWT NONE Algorithm Vulnerability?
In this blog, you will learn how to test for the JWT NONE algorithm vulnerability using Akto.
![Jaydev Ahire](https://framerusercontent.com/images/VlJgqKnuAfp5BnUpSLDZA0VvlU.png)
Jaydev Ahire
![BOLA-Test-Case-1](https://framerusercontent.com/images/2ZOGtFLsrbSLAcAohylX3U2hY.png)
API Security
6 min read
Defending Against BOLA Attacks: Testing Endpoints with Vulnerable User IDs
In this blog, you will learn how to test for Broken Object Level Authorization with weak, enumerable user IDs.
![](https://framerusercontent.com/images/VlJgqKnuAfp5BnUpSLDZA0VvlU.png)
Jaydev Ahire
![Bola Test Case](https://framerusercontent.com/images/1HgP6PUUeafbrRJNTrPzrzwV5tE.png)
API Security
5 min read
Testing UUID Security: Preventing BOLA Exploitation on API Endpoints
This blog is about how to test for BOLA using an unauthorized UUID on an API endpoint.
![Jaydev Ahire](https://framerusercontent.com/images/4BYn7onD3UFFhLHjhTwXZyveuqs.png)
Jaydev Ahire