K02: Supply Chain Vulnerabilities – A Comprehensive Guide for Software Developers and Architects

The modern digital landscape is increasingly dependent on complex software supply chains, making them a prime target for cyber threats. Supply chain vulnerabilities in software development can have far-reaching consequences, from data breaches to full-scale operational disruptions. Software developers and architects must understand these risks to design resilient systems and mitigate potential threats proactively.
This blog post will provide a deep dive into supply chain vulnerabilities, covering their origins, real-world examples, risk mitigation strategies, and best practices for securing software ecosystems.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authentication for Critical Function (CWE-306)

In today’s software-driven world, security vulnerabilities can have catastrophic consequences, from financial losses to reputational damage. Among the 2024 CWE (Common Weakness Enumeration) Top 25 Most Dangerous Software Weaknesses, CWE-306: Missing Authentication for Critical Function stands out as a critical issue …

2024 CWE Top 25 Most Dangerous Software Weaknesses: Use of Hard-coded Credentials (CWE-798)

Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Authentication (CWE-287)

Improper Authentication occurs when a software application fails to properly verify the identity of a user or system attempting to gain access. This weakness enables unauthorised entities to bypass security measures and gain access to sensitive data or system functionalities.