TL;DR: We scanned 6031+ public APIs on the internet with our in-house feedback-driven exploration tech and ranked them using security, performance, reliability, and design criteria. The results are public on APIrank.dev. You can also request to index your own API for free and see how it compares. | Escape DAST - Application Security Blog
Explore GraphQL security from the GraphQL pentester's point of view. This article explains discovery in the pentesting process.
Ever had trouble managing your git hooks in a monorepository? We did too, so we created Mookme to solve our problems. It is a git hook manager for dealing with different projects and languages, automated filtering, and ease of configuration and setup.
Escape launches the first Asset Inventory and Attack Surface Management solution for GraphQL APIs with its new API Catalog feature.
Introducing Graphinder, a lightweight and blazing fast GraphQL endpoint finder, making penetration testing on GraphQL much faster ⚡️
Introduction: Automating the audit of APIs is a very hard problem: we want to dynamically evaluate those APIs' security, performance, and reliability. But APIs take parameters that are tightly coupled to the underlying business logic. We need a way to know what sequences of requests to send, with what parameters,
Enhance GraphQL security with input validation and sanitization. Learn about homemade middleware, directives, and custom scalars for protecting APIs.
Web safety matters. XSS is like sneaky bad notes, while CSRF tricks sites as if it's you. Both misuse website trust. We'll explore how they work and how to protect sites, including using CSRF tokens. Learn about online security with us!
Confusion between authentication and authorization causes data leaks. Learn the difference and how to implement the right access control pattern in your GraphQL API.
The main argument for disabling introspection is that it can be a security risk. Learn why disabling introspection in GraphQL may not be necessary. | Escape - The API Security Blog
For several days now, your users have been complaining about losing access to your web service. If at first you thought it was a simple coincidence and certainly a fault of the users, the incident starts to be strongly repeated and noticed. You rush to your monitors and notice an
Cross-Site Scripting (XSS) happens when attackers send malicious scripts via web apps to end users. Learn how to remediate it in GraphQL apps.
GraphQL has no security by default. All doors are open for the most basic attacks. Read more to learn about the exact threats and some simple strategies you can implement to get your users' data under lock and key 🔐
Discover the latest insights into the 2023 OWASP API Security Top 10, as we delve into the most critical vulnerabilities and best practices to protect your APIs.
DevSecOps tutorial: Learn hands-on techniques for securing your apps through vulnerability scanning with Nuclei and ensure robust security.
Dive into the complexities of securing GraphQL APIs and common vulnerabilities and learn best practices for enhancing GraphQL security.
Prepare for PCI DSS 4.0 compliance with our in-depth guide and protect your payment transactions with robust API security measures.
This article was written by the guest expert, Aleksandr Krasnov. Aleksandr is a DevSecOps expert, principal security engineer, and an advisor. He has worked in companies like Meta, Dropbox, and Palo Alto Networks.