Inon Shkedy

794 Followers


Pinned

A Deep Dive On The Most Critical API Vulnerability — BOLA (Broken Object Level Authorization)

Intro In this article I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing. …

API

16 min read
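As an added illustration of the defect class the pinned article covers (this is example code written for this listing, not code from the article), the same handler is shown twice: once with only authentication, which is the BOLA/IDOR shape, and once with the lookup scoped to the caller. The data, the `NotFound` exception, the session model and the `bola_probe` helper are all constructed for this example; the probe is the black-box check a pentester would run with two accounts.

```python
# Added example (not from the article): object-level authorization, the defect
# class BOLA/IDOR names. All data, names and the "session" model below are
# constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    total_cents: int


# Constructed sample data: two users, each owning one order.
ORDERS = {
    1001: Order(order_id=1001, owner_id=1, total_cents=4_999),
    1002: Order(order_id=1002, owner_id=2, total_cents=12_500),
}


class NotFound(Exception):
    """Mapped to HTTP 404 by the (hypothetical) web layer."""


def get_order_vulnerable(session_user_id: int, order_id: int) -> Order:
    """BOLA: the caller is authenticated (a session exists) but the code never
    checks that the requested object belongs to them, so any logged-in user can
    read any order id they can guess or enumerate."""
    if order_id not in ORDERS:
        raise NotFound(order_id)
    return ORDERS[order_id]


def get_order_fixed(session_user_id: int, order_id: int) -> Order:
    """Object-level authorization: the lookup is scoped to the caller.
    A foreign object is reported as missing (404 rather than 403) so the
    response does not confirm that the id exists."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != session_user_id:
        raise NotFound(order_id)
    return order


def bola_probe(handler, victim_user_id: int, attacker_user_id: int, probe_ids) -> list:
    """Black-box check: act as the attacker and replay requests for object ids
    known to belong to the victim. Returns the ids the attacker could read
    without owning them (an empty list means the handler passed)."""
    leaked = []
    for oid in probe_ids:
        try:
            obj = handler(attacker_user_id, oid)
        except NotFound:
            continue
        if obj.owner_id == victim_user_id:
            leaked.append(oid)
    return leaked


if __name__ == "__main__":
    victim_ids = [o.order_id for o in ORDERS.values() if o.owner_id == 1]
    print("vulnerable handler leaks:", bola_probe(get_order_vulnerable, 1, 2, victim_ids))
    print("fixed handler leaks:", bola_probe(get_order_fixed, 1, 2, victim_ids))
```

The probe needs nothing more than two accounts and a list of object ids owned by one of them, which is exactly why this class is so easy to find in the field: the only thing that distinguishes the two handlers is the ownership comparison inside the lookup.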



Nov 27, 2022

OWASP API Top 10 for Dummies — Part #2

Welcome back to our blog series on the OWASP API Top 10! This is continued from Part I. If you haven’t read the first part, check it out! …

API

5 min read



Nov 27, 2022

OWASP API Top 10 for Dummies — Part #1

Introduction In this blog series I will try to explain the most common threats for APIs using simple analogies. I started thinking about writing this blog last time I was visiting my grandfather. He asked me — “Inon, what do you do for work?”. Simple answers like “Cybersecurity” didn’t tell him…

API

4 min read



Dec 17, 2021

Log4Shell — Simple Technical Explanation of the Exploit

Last week’s Log4Shell vulnerability is a dramatic example of how modern applications, interconnected services and pervasive APIs can create substantial security challenges. As a security researcher who has spent years looking at API vulnerabilities, this is an excellent example of how things can go wrong. …

Log4j

6 min read



Sep 23, 2021

Hacking your mind — Mindfulness Journey from a hacker perspective

Intro My job is to hack systems, so I usually write about cybersecurity and different hacking techniques. Today I decided to write about something a bit different — my mindfulness journey and how I find this process similar to hacking. Background Before I jump into the details, I would like to share…

Mindfulness

9 min read



Aug 23, 2021

31 Tips — Advanced Bug Bounty & Pentesting

To welcome Blackhat & Defcon conferences, we published a daily tip on Bug Bounty & AppSec during the month of July 2021. We started this project because we wanted to help developers, security engineers, and pentesters learn about AppSec and API pentesting. We realize it’s not easy to find resources…

Pentesting

2 min read



Apr 19, 2021

Behind the Scenes of SAST — The Challenges of Code Scanning

I love the idea behind Static Application Security Testing (SAST) tools — they aim to create a utopian world clean from application vulnerabilities. If Dynamic Application Security Testing (DAST) tools look at your application to find doors and windows left open to intruders, SAST tools try to prevent them from…

Application Security

7 min read



Mar 16, 2021

Behind the Scenes of DAST — How do Security Scanners Work?

The idea behind Dynamic Application Security Testing (DAST) is pretty clever — a tool that simulates a human penetration tester. With the URL of an app to test, the tool gets its hands dirty and provides a vulnerabilities report. DAST tools are not just contextless fuzzers; they have intelligence and…

Appsec

7 min read



Aug 26, 2020

Modern Application Security — Good and Bad News

This is the second article in a 2-part blog series. In the previous article, we talked about the major changes in application development in the last several years. In this article, we will discuss how these changes impact application security as we used to know it, and redefined the boundaries. Extended Boundaries: Application Security is a Widespread Concern …

Application Security

4 min read



Aug 26, 2020

Modern Application Security — What are Modern Applications?

Introduction This is the first article in a 2-part blog series outlining how application security has changed (or needs to change). Before I get into the article, let me give you a little background on myself. I am currently the Head of Security Research at Traceable but my personal journey with…

API

6 min read



I love to learn, build and break things. Head of Security Research @ Traceable.ai

Following
  • Anangsha Alammyan
  • Bipin Jitiya
  • Yonatan Kreiner
  • Anand Tiwary
  • Dave
