all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How I scanned dev.to APIs for vulnerabilities

Add to bookmarks
May 7, 2022, 12:16 a.m. | Intesar Shannan Mohammed

DEV Community dev.to

I recently saw the dev.to published an update on their REST APIs.

https://developers.forem.com/api


I became curious, and I wanted to scan the Dev.to REST API for basic vulnerabilities.


I used a free and web-based API security tool for this job.

https://apisec-inc.github.io/pentest/


Here are the scan results



Surprisingly it reported 8 issues. Here is the list:



I analyzed the dev.to web UI to find out what was happening. I quickly figured out all the open endpoints were also open on the …

api apis dev node security testing vulnerabilities

Visit resource

More from dev.to / DEV Community

Importance of Cyber Security in Business Continuity 55 minutes ago | dev.to
attacks breaches business business continuity +32
Delay-Based Attack Payload 2 hours ago | dev.to
application application security application security testing attack +32
Day 29 of 30-Day .NET Challenge: Generics & Custom Interfaces 3 hours ago | dev.to
application application performance article beginners +11
Next.js Authentication 4 hours ago | dev.to
access application aspect authentication +26
Quickly add 2FA (email) for your custom Django admin 4 hours ago | dev.to
2fa admin authentication clarity +12
Securing Apps In React Native 4 hours ago | dev.to
android apps data detect +13
Responsibilities of a modern CISO 7 hours ago | dev.to
assets beyond business challenges +22
IIoT Security: 5 Essential Steps to Secure your IoT Devices and OS 14 hours ago | dev.to
attack attacks attack vectors business +22
How to build your first Tech Community? 15 hours ago | dev.to
build communities community flaws +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Officer (ISSO), Junior

@ Dark Wolf Solutions | Remote / Dark Wolf Locations
View on infosec-jobs.com

Cloud Security Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

SAP Security & GRC Consultant

@ NTT DATA | HYDERABAD, TG, IN
View on infosec-jobs.com

Security Engineer 2 - Adversary Simulation Operations

@ Datadog | New York City, USA
View on infosec-jobs.com
View more jobs