The first step in securing any organization is to understand what you have. Unless you have a strong understanding of the systems and services on your network, you have no hope of keeping it both secure and usable. You could implement extremely strong controls to lock down everything, but then business operations come to a …
In our blog series on Better API Penetration Testing with Postman we discussed using Postman as the client for testing RESTful service APIs. Insomnia is an MIT-licensed open source alternative to Postman. Its commercial maintainer, Kong, is best known for their microservice API Gateway. Like Postman, Kong offers premium subscriptions for syncing and collaboration functionality. …
Getting Started API Penetration Testing with Insomnia Read More »
When an organization has a breach, you would like to imagine that the attacker crafted a new exploit, leveraging a zero-day vulnerability that no one has any protection against. However, It is far more likely that the attacker exploited well-known vulnerabilities that may have been residing within their systems for months, if not years. Attackers …