Collaborate Disseminate
This is a very strange occurrence and could be a false alarm.
I am testing an API from an advertisement network for my WPF desktop app.
I made a GET request to this exact test link (generic sample provided by the ad network):
https://adapi… Continue reading API GET Request resulted in a Bitdefender thread alert
My web application need to make call to 3rd party REST API which is protected by Basic authentication on some user click. We are planning to use a technical user for the call.
This will expose the Authorization header in network call in br… Continue reading Authorization Header in dev tools
I am currently developing against a RESTful API that seemingly has a rather weird auth flow.
I got an API key consisting of an ID (public) and a "secret" (which seems to be a UUID).
Now, whenever I want to call the API, I have to… Continue reading Authentication & Authorization via md5(userid + secret + endpoint + payload)?
I am writing a mobile app that uses a read only REST service that sits behind our company firewall. The actual data supplied by the REST service is not private but I am concerned with a hacker using it to get behind the firewall. I have f… Continue reading Securing a read-only REST service for mobile access
I have a Angular web app that interacts with a REST-API. Requests are authenticated with a JWT Bearer token. I now want to add support for Windows-Authentication.
My current plan is to add a POST-Endpoint /token to the REST-API, which acc… Continue reading How to prevent CSRF attacks on a REST API when using Windows Authentication
I’m building an API with websocket that serializes data through JSON. The App itself is a chat application. I came up with the following structure to send my data:
{date: ‘2020-05-31′, time: ’14:28:05’, text: “Hey!”, to: ‘<id:int>’,… Continue reading Protect API from being tampered?
I have a mobile application and the backend is hosted on a cloud provider. I would like to ask for feedback on encrypting all REST API calls that will be used to communicate with the server, if we should or we shouldn’t do it.
Adding deta… Continue reading Should we encrypt all REST API calls from a mobile device?
I am trying to scan our internal site’s REST APIs using WebInspect. As the site does not yet follow the Open API Standards or use the Swagger tool, it does not have a .json file that contains the API definitions.
In WebInspect’s document,… Continue reading REST API scanning using WebInspect
Im having a hard time with a CTF, i managed to exploit a path traversal vulnerability that lead me to read a configuration file in php that indicates:
define(‘rest_auth’, ‘digest’);
define(‘rest_username’, ‘webservices’);
define(‘rest_pas… Continue reading Connecting to REST server w/ digest auth using postman
Im having a hard time with a CTF, i managed to exploit a path traversal vulnerability that lead me to read a configuration file in php that indicates:
define(‘rest_auth’, ‘digest’);
define(‘rest_username’, ‘webservices’);
define(‘rest_pas… Continue reading What can i do with REST Server credentials?