Tagged articles
4 articles
Black & White Path
Mar 12, 2026 · Information Security

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

AuthKit is a Burp Suite extension that expands a single request into Original, Unauthorized and multiple‑role samples to uncover unauthorized access, horizontal and vertical privilege escalation, and BOLA issues, offering passive capture, right‑click active testing, multi‑identity replay, metric dashboards, diff views, context‑menu integration, and flexible scope controls.

AuthKit · Automation · BOLA
0 likes · 3 min read
Architect's Guide
Jul 20, 2025 · Information Security

Unlocking API Security: 10 Common Vulnerabilities Every Tester Must Know

This article explains the most frequent API security flaws, including information disclosure, broken object‑level and function‑level authorization, excessive data exposure, rate‑limiting gaps, mass‑assignment, misconfigurations, asset‑management errors, and business‑logic bugs, and provides practical examples, detection techniques, and code snippets for each vulnerability.

API Security · BFLA · BOLA
0 likes · 16 min read
Liangxu Linux
Jul 30, 2023 · Information Security

Top 12 Common API Vulnerabilities Every Tester Should Know

Understanding the most frequent API weaknesses—from information disclosure and broken object-level authorization to injection, misconfiguration, and business logic flaws—helps security testers identify, exploit, and report issues such as over‑exposed data, missing rate limits, and improper authentication across modern web services.

API Security · BOLA · business logic
0 likes · 17 min read
MaGe Linux Operations
Jul 15, 2023 · Information Security

Top API Vulnerabilities Every Tester Should Know

This article surveys the most common API security flaws—including information disclosure, broken object‑level and function‑level authorization, over‑exposure of data, missing rate limits, mass‑assignment, misconfigurations, injection attacks, improper asset management, and business‑logic bugs—providing examples, code snippets, and practical testing tips for security professionals.

API Security · Authentication · BOLA
0 likes · 17 min read