Better API Penetration Testing with Postman – Part 3

In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities. In this part, we will dig into some slightly more advanced functionality in Postman that you …

Better API Penetration Testing with Postman – Part 3 Read More »

We take security seriously and other trite statements

Earlier this week, Secure Ideas sent an initial notification regarding an incident targeting us that took place at a vendor. The initial notification email is available at: https://training.secureideas.com/newsletter/aom-incident-notification/).We promised at that time to release more details as soon as we collected them and better understood the situation.  In this blog post, we share what we …

We take security seriously and other trite statements Read More »

Burp and Postman

Better API Penetration Testing with Postman – Part 2

In Part 1 of this series, I walked through an introduction to Postman, a popular tool for API developers that makes it easier to test API calls. We created a collection, and added a request to it. We also talked about how Postman handles cookies – which is essentially the same way a browser does. …

Better API Penetration Testing with Postman – Part 2 Read More »

Security Misconfigurations

The configuration of web and application servers is a very important aspect of web applications. Often times, failure to manage proper configurations can lead to a wide variety of security vulnerabilities within servers and environments. When these configurations are not properly addressed or ignored, the overall security posture can suffer. Sometimes the biggest problem that …

Security Misconfigurations Read More »

Better API Penetration Testing with Postman – Part 1

This is the first of a multi-part series on testing with Postman. I originally planned for it to be one post, but it ended up being so much content that it would likely be overwhelming if not divided into multiple parts. So here’s the plan: In this post, I’ll give you an introduction to setting …

Better API Penetration Testing with Postman – Part 1 Read More »

Android App Testing on Chromebooks

Part of testing Android mobile applications is proxying traffic, just like other web applications.  However, since Android Nougat (back in 2016), user or admin-added CAs are no longer trusted for secure connections.  Unless the application was written to trust these CAs, we have no way of viewing the https traffic being passed between the client …

Android App Testing on Chromebooks Read More »

OWASP’s Most Wanted

So you ask who is this OWASP and why do I care? Well, let’s hear it directly from them:  “Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.  Our mission is to make software security visible, so that individuals and organizations are able to …

OWASP’s Most Wanted Read More »

Scroll to Top