Manipulating APIs for Security Test Automation

We perform application-level security assessments of APIs quite frequently. About a year ago I was working on a project with a large REST API. Roughly 1,300 routes implemented across dozens of micro-services with a very complex role-based authorization framework....

Android 7 Cellular MiTM

Performing security assessments of complex systems sometimes requires some technical gymnastics to “man-in-the-middle” (MITM) communications between components. MITM techniques are essential for observing and manipulating communications in ways that a...

MiTM using Golang, meet Timmy

This post is an introduction to Timmy (Tiny evil man in the middle). There are a lot of MiTM tools used to assess software that communicates via TCP/IP. They all have a few basic ingredients, but often differ stylistically or in their intended use cases....