The Fundamentals of API Security: Part 2
If Part 1 focused on prevention through governance and design, this part focuses on detection and defence. Even secure APIs degrade over time: Code changes, Infrastructure updates, Configuration drif
cyberfreak.hashnode.dev · 2d ago · 3 min read

The Fundamentals of API Security: Part 1
Modern applications are no longer page-driven. They are API-driven. Mobile apps, SaaS platforms, fintech dashboards, and IoT systems all rely on APIs to move sensitive data between users and backend s
cyberfreak.hashnode.dev · 4d ago · 4 min read

How to Test for IDOR Vulnerabilities
You log into a web app to download your invoice. The URL looks harmless: https://example.com/invoice?id=4521 Out of curiosity, you change the number to 4520. You suddenly see someone else’s invoice.
cyberfreak.hashnode.dev · Feb 22 · 4 min read

Governance, Risk and Compliance: The non-technical side of Cybersecurity
Cybersecurity is often dominated by sophisticated hacks, advanced technology, and complex coding. A fundamental aspect, however, operates largely in the shadows -- Governance, Risk, and Compliance (GRC). Governance, Risk, and Compliance (GRC) is a wa...
cyberfreak.hashnode.dev · Sep 18, 2023 · 3 min read

The Cyber Kill Chain: Decoding the Anatomy of a Cyber Attack
The U.S. military has a methodical approach called the "Kill Chain" for targeting and engaging an opponent to achieve specific outcomes. The process involves six steps known as F2T2EA: find, fix, track, target, engage, and assess. The first step is t...
cyberfreak.hashnode.dev · Aug 1, 2023 · 5 min read