Blog

Security Insights

Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.

Application Security

GraphQL Security Testing: A Complete Guide

GraphQL returns 200 even for errors, which blinds scanners. This guide walks schema recovery, nested-resolver BOLA, alias and batch rate-limit bypass, query-cost DoS, the tooling, and the config fixes.

Dec 26, 20247 min

Application SecurityOWASP

API Penetration Testing Methodology and the OWASP API Top 10

A repeatable API pentest methodology on the OWASP API Top 10 (2023): five phases, a test per risk, a real BFLA-to-BOLA chain, a findings table, and config-level fixes.

Nov 26, 20247 min