Blog

Broken-Auth-API-KrishnaG-CEO

OWASP Top 10 API Security Risks – 2023: API2:2023 – Broken Authentication

by

Authentication is the process of verifying a user’s identity before granting access to resources. In APIs, authentication mechanisms ensure that only authorised clients or users can interact with the system. Broken authentication compromises this trust, potentially leading to data breaches, identity theft, or unauthorised access to sensitive information. As APIs often handle vast amounts of personal and corporate data, even minor authentication flaws can have catastrophic consequences for businesses.
Broken authentication manifests in various forms, each posing unique challenges to developers and penetration testers.

Broken-Authorisation-KrishnaG-CEO

OWASP Top 10 API Security Risks – 2023: API1:2023 – Broken Object Level Authorisation

by

Broken Object Level Authorisation (BOLA) arises when APIs expose endpoints handling object identifiers without adequate access control measures. This vulnerability allows attackers to manipulate object IDs to gain unauthorised access to data.

SLAP-FLOP-Mac-KrishnaG-CEO

SLAP and FLOP: A Critical Security Threat to Apple Devices – A C-Suite Perspective

by

SLAP (Speculative Execution via Load Address Prediction) and FLOP (False Load Output Prediction) are vulnerabilities that exploit the speculative execution feature in Apple’s processors. Speculative execution is a performance optimisation technique where the processor predicts future instructions and executes them in advance. While this significantly improves device speed and efficiency, it also creates a window of vulnerability.

Extraneous-Functionality-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M10 – Extraneous Functionality

by

Extraneous functionality can be defined as any feature or functionality that is present in a mobile application but is either unintentional or no longer needed. It may be left over from earlier stages of the development process, such as during testing or debugging, or added for convenience but overlooked as the application moves closer to production. Regardless of the reason for its existence, extraneous functionality represents a security risk.

Reverse-Engineering-KrishnaG-CEO

OWASP Top 10 for Mobile Apps: M9 – Reverse Engineering

by

Reverse engineering is the process of analysing a system or software to understand its components, functionality, and architecture. In the context of mobile apps, reverse engineering typically involves deconstructing an app’s compiled code to reveal its source code, data structures, and logic. The goal may be to identify vulnerabilities, extract sensitive data, or alter the app’s behaviour for malicious purposes.