Welcome back to the REST Assured blog series for Part 3: Reporting. While often overlooked by security professionals, compiling reports is almost always required among penetration testers post-testing. That’s why today we’re going to review how to put all of our findings together and have a thorough paper trail. Reporting Using Burp Suite, it’s relatively
Welcome back! In part 1 of REST Assured blog series, we discussed the definitions and history behind APIs, and we reviewed the proper configuring of Burp Suite for conducting security testing against them. In Part 2 of the blog, we’re going to be getting into the fun part: Testing. Testing I’ll preface the testing first
Introduction: Hello and welcome to our 3-part blog series where we will take a dive into the technical aspects of conducting exhaustive penetration tests against REST API services and generating reports based on what tests were performed and what our findings are. Due to the subject matter being relatively technical, I’m taking some assumptions in
Is your organization taking proactive measures to prevent a data breach? From 2016 to 2017, the number of data breaches in the U.S. increased by 45%. According to the Identity Theft Resource Center, more than 1,500 data breach incidents occurred in 2017, of which 53% exposed social security numbers and 19% exposed credit card numbers.
I recently spent some time exploring the issue of CloudFront domain hijacking. This is not a new issue but I think it has gone mostly unnoticed for a few reasons: CloudFront’s default behavior is not intuitive. Some standard DNS configurations can mislead users into thinking that their vulnerable domains are configured correctly. In the