Tag feed

#apisecurity

26 posts5 followers

Explore Hashnode

Alternatives

Trending tags this week

MSManuela Schrittwieserneuralstackms.techApr 9 · 14 min read

Secure-by-Design Patterns for LLM-Backend APIs

Standard API security is necessary but not sufficient when your backend is a large language model. LLMs introduce an entirely new attack surface one that lives inside the model's context window. This

6

CISA

TLTanvi Londhetravel-techie.hashnode.devJan 8 · 7 min read

Travel CRM Deep Dive: Architecture, Integration, and Why Generic Solutions Fail

If you've ever worked with travel industry clients, you know they have... unique requirements. Multi-leg bookings spanning continents, complex supplier relationships, seasonal pricing madness, and customers who expect you to remember their hotel pill...

0

AAAbdelrhman Allamsl4x0.xyzDec 23, 2025 · 3 min read

Sanity to Insanity: Chaining Public CMS Misconfigurations to Remote Admin Access on Production

In this write-up, I’m going to show you how I pulled a single loose thread a forgotten JavaScript file on a dev server and unraveled an entire company’s security architecture, achieving full Administrative Account Takeover on their live production en...

0

VPVeronica Petersverawrites.hashnode.devDec 17, 2025 · 13 min read

API Keys, Tokens & Secrets: How They Leak and How Developers can Avoid it

Credential exposures are one of the fastest paths to compromise. In 2024 alone, GitHub detected over 39M leaked secrets across its platform, prompting new security protections and organization‑wide scanning features. Independent studies consistently ...

0

IAIsrael Adedamolakamii.hashnode.devNov 20, 2025 · 4 min read

Application Security Audit Report: Architectural Insights & Lessons Learned

1. Abstracted Findings & Security Patterns During the audit of a hybrid-architecture web application, several recurring patterns emerged where functional requirements conflicted with security best practices. The "Trusting Controller" Pattern (Implic...

0

IAIdris Adenijialvacoder.hashnode.devNov 6, 2025 · 2 min read

Your UI is Not Part of Security: The Reality of BOLA

When building applications, it’s tempting to assume that security lives in the user interface (UI). After all, the UI dictates what the end user can see and do. But here’s the truth: attackers rarely care about your UI. They go straight to your APIs....

0

IAIdris Adenijialvacoder.hashnode.devNov 6, 2025 · 3 min read

Authentication vs. Authorization: The Foundation of Secure Access Control

In my previous article, “Your UI is Not Security”, we explored BOLA (Broken Object Level Authorization) — one of the most common and damaging API vulnerabilities which often doesn’t come from complex exploits. It happens when applications fail to cor...

0

4N4Achievers Noidaachieversnoida.hashnode.devSep 9, 2025 · 4 min read

What types of APIs have you tested?

For software testers who want to create a successful profession in quality assurance, API Testing Training in Noida has become a must-have. In the digital world we live in today, apps don't only work on their own; they talk to each other using APIs ...

0

NSNEELAM SAI KUMARsecure-golang-api-with-jwt.hashnode.devAug 4, 2025 · 3 min read

🔐 Adding JWT Authentication to Your Golang API with Gin

If you're building APIs with Go, sooner or later you'll need to authenticate users. One of the most popular and scalable ways to do this is by using JWT (JSON Web Tokens). In this guide, we'll walk through: What JWT is and why it's useful How to im...

0

CTCqlsys Technologies Pvt. Ltdai-cloud-digital-transformation-company-cqlsys-technologies.hashnode.devJul 22, 2025 · 5 min read

Top Payment Gateway APIs for On-Demand Apps in the USA (2025)

The on-demand economy continues to boom in the USA, from food delivery to ride-sharing and handyman services. At the heart of every successful on-demand app lies a seamless and secure payment experience. In 2025, choosing the right payment gateway AP...

0

#apisecurity

Search Hashnode

#apisecurity

Explore Hashnode

Trending tags this week

Secure-by-Design Patterns for LLM-Backend APIs

Travel CRM Deep Dive: Architecture, Integration, and Why Generic Solutions Fail

Sanity to Insanity: Chaining Public CMS Misconfigurations to Remote Admin Access on Production

API Keys, Tokens & Secrets: How They Leak and How Developers can Avoid it

Application Security Audit Report: Architectural Insights & Lessons Learned

Your UI is Not Part of Security: The Reality of BOLA

Authentication vs. Authorization: The Foundation of Secure Access Control

What types of APIs have you tested?

🔐 Adding JWT Authentication to Your Golang API with Gin

Top Payment Gateway APIs for On-Demand Apps in the USA (2025)