Don’t get Zoomed!

Don’t get Zoomed!

Zoom has had a tough week. While usage has been setting new records they have had to cope with a slew of security gaffes that have received lots of media attention. Concern over some of these issues is justified. However, Zoom seems to be getting more than its fair...
Manipulating APIs for Security Test Automation

Manipulating APIs for Security Test Automation

We perform application-level security assessments of APIs quite frequently. About a year ago I was working on a project with a large REST API. Roughly 1,300 routes implemented across dozens of micro-services with a very complex role based authorization framework....