This blog describes the attack path we have uncovered during a recent penetration test of a web application, coupled with a back-end infrastructure assessment. Throughout we introduce different attack techniques and tools that can be used to attack the underlying infrastructure and APIs of a web application.

There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist performing a glissando, knowing that at least one of the dozens of apartments being buzzed will let them in simply out of reflex or laziness.

Gartner’s introduction of the Security Service Edge (SSE) Magic Quadrant in February of 2022 has been an impetus for organizations to reassess their cloud access security broker (CASB) solutions. CASB is one of the three core components of SSE and the piece of the puzzle that handles cloud security for SaaS and IaaS applications.

Usability testing is a method for evaluating your product to see how it performs in real contexts. It helps test user behavior, performance, and satisfaction, while consequently offering opportunities to improve the user experience within the product. Often, in a fast-paced company, user research ends up overlooked because it takes up time and resources. However, all the team's hard work will be wasted if you end up making something that nobody wants to use.

APIs are a crucial tool in today’s business environment. Allowing applications to interact and exchange data and services means that companies can provide an ever-greater range of features and functionalities to their clients quickly and easily. So, it is no wonder that a quarter of businesses report that APIs account for at least 10% of their total revenue - a number that will only increase in coming years.