Applications, Authentication, Exercises and Open Source

If You’re Only Doing WAF, You’re Doing API Security Wrong

ForAllSecure

FEBRUARY 15, 2023

Some organizations have begun using Web Application Firewalls (WAFs) to protect their APIs, but this isn’t a true solution to API security. An application programming interface (API) allows various computer programs to work together by sharing data. What do APIs do? Unfortunately, that’s already happened.

Security

Security Firewall Authentication Programming

The Mayhem for API Difference - A ZAP - Mayhem for API Scan Comparison

ForAllSecure

SEPTEMBER 7, 2022

ZAP is an open-source web application security scanner that can be used by both those new to application security as well as professional penetration testers. Create a user in the application and get a bearer token: curl --location --request POST "[link]. header 'Content-Type: application/json'.

Comparison

Comparison Applications Tools Authentication

The Mayhem for API Difference - A ZAP - API Scan Comparison

ForAllSecure

SEPTEMBER 7, 2022

ZAP is an open-source web application security scanner that can be used by both those new to application security as well as professional penetration testers. Create a user in the application and get a bearer token: curl --location --request POST "[link]. header 'Content-Type: application/json'.

Comparison

Comparison Applications Tools Authentication

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Don’t Get Left Behind: Leveraging Modern Product Management Across the Organization

MORE WEBINARS

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

I mean, it was open source, right? And how many other serious vulnerabilities like Heartbleed are lurking unknown in the applications we use everyday, in the websites we depend on, and in the devices we carry. And traditional application security tools like static analysis, they couldn’t find it. No shame in that.

Open Source

Open Source Tools Security Software

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

I mean, it was open source, right? And how many other serious vulnerabilities like Heartbleed are lurking unknown in the applications we use everyday, in the websites we depend on, and in the devices we carry. And traditional application security tools like static analysis, they couldn’t find it. No shame in that.

Open Source

Open Source Tools Security Software

The Hacker Mind Podcast: Hunting The Next Heartbleed

ForAllSecure

NOVEMBER 24, 2020

I mean, it was open source, right? And how many other serious vulnerabilities like Heartbleed are lurking unknown in the applications we use everyday, in the websites we depend on, and in the devices we carry. And traditional application security tools like static analysis, they couldn’t find it. No shame in that.

Open Source

Open Source Tools Security Software

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. Calderon: Paulino Calderon, I'm a senior application security consultant with Websec.

Internet

Internet Research Security Tools

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In 2013, researcher Nitesh Dhanjani found that a popular brand used simple MD5 hashes of the device's MAC addresses for authentication. Problem is, MAC addresses are not great for authentication. Calderon: Paulino Calderon, I'm a senior application security consultant with Websec.

Internet

Internet Research Security Tools

Geek of the Week: Tech vet Dick Hardt searches for a better way to verify your ?internet identity?

GeekWire

JUNE 2, 2020

Dick Hardt has often been “early to the new,” as he puts it: Microsoft Windows in 1986, neural networks in 1989, the internet in 1993, open source in 1995, and even Burning Man in 1999. “The user’s privacy is protected, as from the application’s point of view the provider is always SignIn.org.

Internet

Internet Architecture Microsoft Applications

Decentralization in Sovrin

Phil Windley

OCTOBER 23, 2018

Our goal is for the Sovrin Network to be an open, public, decentralized utility for digital identity. Those three adjectives deserve some explanation: open —The Sovrin network is based on the open-source Hyperledger Indy project. The governance of the Sovrin Network should also be open.

Open Source

Open Source Network Architecture Government

Information Technology Zone

If You’re Only Doing WAF, You’re Doing API Security Wrong

The Mayhem for API Difference - A ZAP - Mayhem for API Scan Comparison

Webinars

Trending Sources

The Mayhem for API Difference - A ZAP - API Scan Comparison

Webinars

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind Podcast: Hunting The Next Heartbleed

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Geek of the Week: Tech vet Dick Hardt searches for a better way to verify your ?internet identity?

Decentralization in Sovrin

Stay Connected