In this article, we discuss our team's journey in exploring and identifying vulnerabilities in Kong and Konga, two open-source API management tools. By dissecting the software and discovering potential security issues, we contribute to a more secure implementation of these tools. The article emphasizes responsible disclosure, hardening processes, and the importance of continuously improving software security. It shares our experiences, challenges, and insights, while highlighting the need for...
