Posts about

A Series - ShipFast

PRACTICAL API SECURITY WALKTHROUGH — PART 4

January 18, 2018

Editor's note: This post was originally published in January 2018 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in September 2020. Welcome back! This is the fourth and final part of a mini series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various exploits in a mobile application to gain access to data on a remote server allowing real users of the system to gain an unfair business advantage at the expense of the company. In this post, I'll dive into the third API security attack scenario and what is required to effectively defend against it. Read Full Story

Practical API Security Walkthrough — Part 3

January 17, 2018

Editor's note: This post was originally published in January 2018 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in September 2020. Welcome back! This is the third part of a mini series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various exploits in a mobile application to gain access to data on a remote server allowing real users of the system to gain an unfair business advantage at the expense of the company. Read Full Story

Practical API Security Walkthrough — Part 2

January 16, 2018

Editor's note: This post was originally published in January 2018 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in September 2020. Welcome back! This is the second part of a mini series which uses a fictional product, “ShipFast”, to walk you through the process of defending against various API security exploits in a mobile application to gain access to data on a remote server allowing real users of the system to gain an unfair business advantage at the expense of the company. Read Full Story

Practical API Security Walkthrough — Part 1

January 12, 2018

Editor's note: This post was originally published in January 2018 and has been revamped and updated for accuracy and comprehensiveness. The latest update was in September 2020. Welcome! A quick question: Do you know what’s using your API? Really? Read Full Story