Treblle (trebllemakers.hashnode.dev) · Jan 20, 2025
30,000 APIs Exposed: Lessons from the Postman Data Breach
Summary • Postman data leak exposed over 30,000 public workspaces, revealing sensitive information like API keys, tokens, and credentials due to misconfigured sharing settings. • Poor security practices, including inadequate secrets management, failu...
Tags: APIs

Swarup Kanade (swarupkanade.hashnode.dev) · Jan 16, 2025
Spring Boot Security: How to Implement JWT Authentication with Refresh Token
JSON Web Tokens (JWT) have become the industry standard for authentication in modern web applications. This guide walks through implementing JWT authentication in a Spring Boot application, adding a refresh token mechanism for enhanced security and a...
Tags: RESTful API Security

Fırat TONAK (firattonak.com) · Jan 15, 2025
Enhancing API Security with Middleware: Filtering and Masking Requests in .NET Core
Middleware is a key part of how modern web apps are built, working as a middle layer that handles requests and responses. In API systems, middleware helps make things safer, work better, and follow rules about protecting data. One big problem develop...
Tags: ASP.NET Core Snippets, Request Filtering

Nainaz (nainaz.hashnode.dev) · Dec 25, 2024
Security Policy - OAuth 2.0
It is an authorization protocol that enables applications to access information on behalf of users. In OAuth, the information is accessed from the resource using an access token. How to get the access token? 1. The application users pass the key and s...
Tags: Apigee, Security Policy - OAuth 2.0

Nainaz (nainaz.hashnode.dev) · Dec 23, 2024
JSON Web Signature (JWS)
This policy is a data structure representing a MACed (HMAC algorithm) or digitally signed message. It is signed using a shared key or a public/private key pair. We can choose different algorithms for these. Example: - HS256 algo uses a shared key. - RS256 algo use...
Tags: Apigee, JSON Web Signature (JWS)

Treblle (trebllemakers.hashnode.dev) · Dec 17, 2024
Lessons in API Security: DocuSign’s API Abuse
API abuse has become a significant concern in recent years, with incidents increasing by 35% over the past two years. This rise highlights cybercriminals' growing exploitation of APIs, as seen in the recent DocuSign incident. Attackers leveraged legi...
Tags: api security

Treblle (trebllemakers.hashnode.dev) · Dec 9, 2024
SSRF vs CSRF: What is Server-Side Request Forgery?
Most developers will have heard of Cross-Site Request Forgery (CSRF) before. It’s a constant threat that affects any website with a form or that performs any actions, and we typically have to mess around with CSRF tokens, XSRF headers, SameSite cookie...
Tags: api security

Treblle (trebllemakers.hashnode.dev) · Dec 3, 2024
A Gateway to API Observability: Treblle & Traefik Enter a Game-changing Partnership
Sophisticated API runtime management paired with a smart platform that serves users the right API observability data and metrics sounds like a supremely valuable solution to API leaders and practitioners. This is why we’re extremely excited to announ...
Tags: APIs

Treblle (trebllemakers.hashnode.dev) · Nov 27, 2024
It’s an API; do I really need to escape anything?
Let’s discuss escaping output with APIs, as I’ve found this is an area that’s often overlooked and may come back to bite you. I once found a vulnerability in a popular open-source project that made the unfortunate assumption that API output didn’t ne...
Tags: api security

Yilia Lin (api7.hashnode.dev) · Nov 14, 2024
API7 Enterprise v3.2.16.4 Supports Webhook/Email Alerts Notifications
To address the surge in enterprise data volume and the increased complexity of system monitoring, API7 Enterprise has fully upgraded the alerting functionality in version 3.2.16.4. The new version introduces contact points that allow users to integra...
Tags: alerting