Yelp recently announced that it will open source its fuzz-lightyear testing framework. Fuzz-lightyear specifically identifies Insecure Direct Object Reference (IDOR) vulnerabilities, which are among the most difficult vulnerabilities for enterprises to systematically defend against.
Developers commonly generate unique API keys for clients. But how long does an API key need to be to make the chance of a collision smaller than the chance that your computer might be struck by lightning? Shorter than you’d think, argues Sam Corcos, co-founder of SightMaps, over at LearnPhoenix.io.
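The collision question above can be worked through with the birthday bound. The following is an added example, not code from the linked article; the 62-character alphabet, the one-million-key population and the 1e-6 threshold are assumptions, since the page gives no figures.

```python
import math
import secrets
import string

# Assumed key alphabet (not from the article): 62 alphanumeric symbols.
ALPHABET = string.ascii_letters + string.digits


def collision_probability(num_keys, key_len, alphabet_size=len(ALPHABET)):
    """Birthday-bound estimate that any two of num_keys random keys match."""
    pairs = num_keys * (num_keys - 1) // 2      # distinct key pairs
    space = alphabet_size ** key_len            # number of possible keys
    # p ~= 1 - exp(-pairs / space); expm1 keeps precision for tiny p.
    return -math.expm1(-(pairs / space))


def min_key_length(num_keys, max_probability, alphabet_size=len(ALPHABET)):
    """Shortest key length whose collision estimate is <= max_probability."""
    length = 1
    while collision_probability(num_keys, length, alphabet_size) > max_probability:
        length += 1
    return length


def generate_api_key(length):
    """Draw each character from the OS CSPRNG, never from random.random()."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    issued = 1_000_000   # assumed number of keys ever issued
    threshold = 1e-6     # assumed stand-in for the "lightning strike" odds
    n = min_key_length(issued, threshold)
    print(f"{n} characters -> p = {collision_probability(issued, n):.2e}")
    print("sample key:", generate_api_key(n))
```

Collision resistance is only a lower bound on length: a key that also serves as a bearer credential must be long enough to resist guessing, which usually calls for more characters than this calculation returns.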