DEV Community: Vinesh Reddy Talakola

Use the Postman and APIsec EthicalCheck Integration for Better Security Practices

Vinesh Reddy Talakola — Wed, 03 Aug 2022 16:07:09 +0000

How to detect your leaking API endpoints using EthicalCheck

Vinesh Reddy Talakola — Tue, 19 Jul 2022 18:02:14 +0000

I'm a security researcher. I deal with a lot of APIs. When it comes to security testing APIs, there aren't many tools for the job.
Most tools were built for web applications, especially for checking security flaws from legacy application server configurations, browser, session, account login, etc. But API has none of these issues.

When it comes to API security testing, a different tool is needed that can go deep into APIs, OAuth 2.0, and business-logic flaws rather than the legacy approach.

We came up with this simple tool that automatically security tests APIs. Please try this tool and get a free API security testing report for your public, mobile, and web APIs.

Here is the URL:
https://ethicalcheck.apisec.ai

Scan and detect your leaky APIs

Vinesh Reddy Talakola — Mon, 18 Jul 2022 18:40:34 +0000

I'm extremely eager to show you this device I have been chipping away at. This device is based on top of Apisec.ai, an API security stage.

This help is for people with versatile/web applications with backend REST APIs. It performs free and moment entrance testing/security evaluation for the REST APIs.

Simply point towards your live OpenAPI determination record and get a PDF infiltration test report soon.

Kindly attempt and let me in on what is your take?

Here is the immediate connection
https://ethicalcheck.apisec.ai

Best Practices for Securing Your Vulnerable REST APIs

Vinesh Reddy Talakola — Thu, 14 Jul 2022 17:53:30 +0000

Why API security is a typical issue. Most web and versatile applications are security tried sooner or later yet APIs barely stand out. This implies you might have weaknesses in your creation APIs.

For instance, suppose you have a fintech application. It does things like records, moves, and so forth. It has portable/web UIs for playing out these tasks. You could have tried all the UI ways are simply open to a validated client. Some of the time API endpoint like the one beneath is left unstable on the grounds that without acknowledgment and any programmer/bot can get it and consistently make a point to focus on a feed of late exchanges. The best way to fix these sorts of imperfections is to recognize them before they're taken advantage of.

Example endpoint with the flaw: GET: /transactions - Any bot can access it without authentication because it has a broken authentication flaw.

One easy way to detect an OWASP API2 vulnerability or security flaw in your APIs is to use open-source tools like Burp and EthicalCheck. Using these tools is very simple. All you need is your OpenAPI Specification/Swagger URL and get an instant report.

https://ethicalcheck.apisec.ai

API Security Testing Report

Vinesh Reddy Talakola — Wed, 06 Jul 2022 17:29:22 +0000

I'm very anxious to show you this gadget I have been working on. This gadget depends on top of Apisec.ai, an API security stage.
This help is for individuals with adaptable/web applications with backend REST APIs. It performs free and second entry testing/security assessment for the REST APIs.
Just point towards your live OpenAPI assurance record and get a PDF penetration test report soon.
Benevolently endeavor and let me in on what is your take?
Here is the immediate connection
https://www.ethicalcheck.dev

Programming interface Security Assessment

Vinesh Reddy Talakola — Mon, 04 Jul 2022 16:45:48 +0000

I'm extremely eager to show you this device I have been chipping away at. This device is based on top of Apisec.ai, an API security stage.

This help is for people with versatile/web applications with backend REST APIs. It performs free and moment entrance testing/security evaluation for the REST APIs.

Simply point towards your live OpenAPI determination record and get a PDF infiltration test report soon.

Kindly attempt and let me in on what is your take?

Here is the immediate connection
https://www.apisec.ai/free-programming interface pen-test

Scan and detect your leaky APIs

Vinesh Reddy Talakola — Thu, 30 Jun 2022 19:11:37 +0000

The purpose of this article is to show AppSec/developers how to get started with API security scanning tool EthicalCheck and detect your leaking APIs.
Why API leaks are a common problem. Most web and mobile are security tested at some point but APIs hardly get any attention. This means you may have leaking APIs that are live and in production.
Detecting your leaking API endpoints is very simple if you’re using the free tool. All you need is your API OpenAPI Specification/Swagger URL and get instant report.

EthicalCheck - Visit the GitHub page to run your free scan: https://apisec-inc.github.io/pentest/

Detect your leaking API endpoints

Vinesh Reddy Talakola — Thu, 09 Jun 2022 04:42:29 +0000

Bit by bit guidelines to distinguish your spilling API endpoints using EthicalCheck

Vinesh Reddy Talakola — Tue, 07 Jun 2022 17:38:42 +0000

The justification for this article is to show AppSec/engineers how in any case API security looking at mechanical assembly EthicalCheck and perceive your spilling APIs.

Why API spills are an ordinary issue. Most web and adaptable are security attempted at last yet APIs scarcely stick out. This infers you could have spilling APIs that are live and in progress.

Distinguishing your spilling API endpoints is incredibly direct accepting that you're using the free device. All you need is your API OpenAPI Specification/Swagger URL and get second report.

EthicalCheck - Visit the GitHub page to run your free scan: https://apisec-inc.github.io/pentest/
About me: I compose, survey, and fabricate API security apparatuses and best practices.

Automatically Detect Security Bugs in your App/API

Vinesh Reddy Talakola — Thu, 02 Jun 2022 18:15:17 +0000

There are no good options for security testing applications/APIs. Most options are commercial and require complex setup and configurations.

We decided to build a free and open tool for instant App/API security testing. No sign-up is required. No complicated setup is needed either.

Point towards your API and get an instant report. The report helps your detect and fix security vulnerabilities in your APIs. These vulnerabilities could have led to data breaches and punitive damages.

Here is the tool link:
https://apisec-inc.github.io/pentest/

Programming interface Security Assessment

Vinesh Reddy Talakola — Wed, 01 Jun 2022 17:48:04 +0000

I'm extremely eager to show you this device I have been chipping away at. This device is based on top of Apisec.ai, an API security stage.

This help is for people with versatile/web applications with backend REST APIs. It performs free and moment entrance testing/security evaluation for the REST APIs.

Simply point towards your live OpenAPI detail record and get a PDF infiltration test report soon.

If it's not too much trouble, attempt and let me know what is your take?

Here is the direct link
https://www.apisec.ai/free-api-pen-test

Free API Security Testing Report

Vinesh Reddy Talakola — Tue, 31 May 2022 18:02:07 +0000

I'm a security specialist. I manage a great deal of APIs. With regards to security testing APIs, there aren't many devices for the gig.
Most devices were worked for web applications, particularly for checking security defects from heritage application server designs, program, meeting, account login, and so on. In any case, API has none of these issues.
With regards to API security testing, an alternate device is required that can dive deep into APIs, OAuth 2.0, and business-rationale defects as opposed to the inheritance approach.
We thought of this straightforward device that naturally security tests APIs. If it's not too much trouble, attempt this device and get a free API security testing report for your public, portable, and web APIs.

Here is the URL: https://apisec-inc.github.io/pentest/