How I scanned dev.to APIs for vulnerabilities
May 7, 2022, 12:16 a.m. | Intesar Shannan Mohammed
DEV Community dev.to
I recently saw that dev.to published an update on their REST APIs.
https://developers.forem.com/api
I became curious, and I wanted to scan the dev.to REST API for basic vulnerabilities.
I used a free and web-based API security tool for this job.
https://apisec-inc.github.io/pentest/
Here are the scan results.
Surprisingly, it reported 8 issues. Here is the list:
I analyzed the dev.to web UI to find out what was happening. I quickly figured out all the open endpoints were also open on the …