application security Articles

Broken Function Level Authorization — Web API Security Champion Part V

Krzysztof Pranczk Application Security July 16, 2024

Explaining one of the most common web API vulnerability classes — Broken Function Level Authorization in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.

Unrestricted Resource Consumption in a Password Reset — Web API Security Champion Part IV

Krzysztof Pranczk Application Security June 17, 2024

Presenting an Unrestricted Resource Consumption vulnerability class using a password reset feature as an example.

Web API Security Champion Part III: Broken Object Property Level Authorization (OWASP TOP 10)

Krzysztof Pranczk Application Security May 26, 2024

Broken Object Property Level presented in a practical way with methods for identifying and preventing vulnerabilities based on OWASP.

Web API Security Champion Part II: Broken Authentication (OWASP TOP 10)

Krzysztof Pranczk Application Security May 6, 2024

Explaining one of the most common web API vulnerability classes - Broken Authentication in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.

Comparing DefectDojo Pro and OWASP Edition for DevSecOps

Krzysztof Pranczk Vulnerability Management May 5, 2024

A review of DefectDojo Pro — a paid version of a well-known vulnerability management solution: Does DefectDojo Pro address all the pain points of DefectDojo OWASP Edition?

Vulnerability Management with DefectDojo — is it great for DevSecOps?

Krzysztof Pranczk Vulnerability Management May 5, 2024

Presenting capabilities of DefectDojo in context of Vulnerability Management for DevSecOps and traditional application security engineers.

Prioritising Vulnerabilities Remedial Actions at Scale with EPSS

Krzysztof Pranczk Vulnerability Management April 27, 2024

In this article, I’m presenting the Exploit Prediction Scoring System and its practical use cases in tandem with Common Vulnerability Scoring System.

Web API Security Champion: Broken Object Level Authorization (OWASP TOP 10)

Krzysztof Pranczk Application Security April 17, 2024

Explaining one of the most common web API vulnerability classes - Broken Object Level Authorization in a practical manner. Providing a case study example based on the Damn Vulnerable RESTaurant API, including methods for identifying and preventing these vulnerabilities.

Security Code Challenge for Developers & Ethical Hackers – The Damn Vulnerable RESTaurant

Krzysztof Pranczk Application Security April 1, 2024

Introduction to a security code challenge dedicated to developers and ethical hackers. This challenge focuses on identifying and fixing web API security vulnerabilities in a Python FastAPI-based restaurant API.

Using osv-scanner – Software Composition Analysis from Google

Krzysztof Pranczk Application Security March 28, 2024

At the beginning of 2023 Google released an open-source Software Composition Analysis tool — osv-scanner. In this article I'm presenting how it can be configured and utilised using popular open-source projects as examples.

Posts Tagged

Broken Function Level Authorization — Web API Security Champion Part V

Unrestricted Resource Consumption in a Password Reset — Web API Security Champion Part IV

Web API Security Champion Part III: Broken Object Property Level Authorization (OWASP TOP 10)

Web API Security Champion Part II: Broken Authentication (OWASP TOP 10)

Comparing DefectDojo Pro and OWASP Edition for DevSecOps

Vulnerability Management with DefectDojo — is it great for DevSecOps?

Prioritising Vulnerabilities Remedial Actions at Scale with EPSS

Web API Security Champion: Broken Object Level Authorization (OWASP TOP 10)

Security Code Challenge for Developers & Ethical Hackers – The Damn Vulnerable RESTaurant

Using osv-scanner – Software Composition Analysis from Google

Krzysztof Pranczk

Recent Posts

DevSec Selection #20 – Top Routinely Exploited Vulnerabilities in 2023 and Promising Open-source Tools

DevSec Selection #19 – Swiss Army Knife for DevSecOps, DEF CON 32 Talks, Okta Authentication Vulnerability

DevSec Selection #18 – Bug Bounty Hunting Resources, Vulnerability Prioritization, Time-to-Exploit Trends

Categories