API Security Weekly: Issue #143

This article has been indexed from DZone Security Zone

This week, we have a detailed write-up on finding credit card numbers leaking from a GraphQL API, a lab walkthrough on hacking JSON Web Tokens (JWT) through SQL injection, and HackerOne’s new Capture The Flag (CTF) API Security challenge. On the resource side, we have another good mind map, this time on XML attack vectors on APIs.

Case Study: Cracking Encrypted Credit Card Numbers Exposed by an API

Craig Hays has published a fascinating write-up from his recent pentesting in a private bug bounty program.
