API Security on https://n9o.xyz/tags/api-security/ Recent content in API Security on Hugo -- gohugo.io en © 2026 Vaishnav Baraskar Sun, 18 May 2025 00:00:00 +0000 APISEC-CON CTF – Exception Excavation & Render Bender https://n9o.xyz/capturetheflag/apisec/ Sun, 18 May 2025 00:00:00 +0000 https://n9o.xyz/capturetheflag/apisec/ <h2 class="relative group">0x00 – The Setup <div id="0x00--the-setup" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#0x00--the-setup" aria-label="Anchor">#</a> </span> </h2> <p>API challenges always make me pause. They&rsquo;re subtle, often logic-based, and prone to mishandling by developers chasing &ldquo;RESTful perfection.&rdquo; When I saw two challenges dropped back-to-back—<strong>Exception Excavation</strong> and <strong>Render Bender</strong>—I knew there was potential for mischief.</p> Coffee, Curiosity & an API – JWT 'alg:none' Exploit in HealthTrack https://n9o.xyz/bugbounty/healthtrack/ Mon, 19 Feb 2024 00:00:00 +0000 https://n9o.xyz/bugbounty/healthtrack/ <h1 class="relative group"><strong>Prologue: Coffee, Curiosity &amp; an API</strong> <div id="prologue-coffee-curiosity--an-api" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#prologue-coffee-curiosity--an-api" aria-label="Anchor">#</a> </span> </h1> <p>It was one of those quiet February evenings. No caffeine left in the mug, but my curiosity was wide awake. The glow from the screen illuminated my desk, casting a soft digital haze. I was drifting through recon mode—scrolling API docs, poking endpoints, intercepting calls like I was casually flipping through a dusty book in a forgotten archive.</p> Broken Authentication: Uncovering Twitter's OAuth Vulnerability https://n9o.xyz/bugbounty/twitter/ Fri, 07 Apr 2023 00:00:00 +0000 https://n9o.xyz/bugbounty/twitter/ A technical deep dive into an authentication vulnerability in Twitter&rsquo;s legacy API that allowed bypassing signature validation, exposing user data through inconsistent OAuth enforcement.