Safeguard
Tag

bola

Safeguard articles tagged "bola" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Kubernetes Security

Broken object-level authorization in Kubernetes integrations: CVE-2023-1065

One leaked Integration ID was enough to pollute a Snyk customer's findings — CVE-2023-1065 shows why possession of an identifier is not authorization.

Jul 14, 20266 min read
Application Security

API security fundamentals: mapping the OWASP API Top 10 to real tests

OWASP's 2023 API Security Top 10 lists 10 risk categories — most start with a single curl request. Here's how to test and fix each one.

Jul 13, 202611 min read
Application Security

A primer on the OWASP API Security Top 10 and how to test for it

The OWASP API Security Top 10 dropped Injection entirely in its 2023 update and added SSRF — most REST and GraphQL teams still test for the old list.

Jul 10, 20267 min read
Vulnerability Guides

What Is IDOR (Insecure Direct Object Reference)?

IDOR lets an attacker swap an ID in a request and read or change data that belongs to someone else. Here is how it works and how to shut it down.

Jul 1, 20266 min read
Application Security

OWASP API Security Top 10 risks explained

The OWASP API Security Top 10 ranks BOLA, broken auth, SSRF, and 7 more API risks behind breaches like Optus and T-Mobile — explained with real incidents.

Jun 4, 20268 min read
Application Security

API Security Testing Checklist & Best Practices

A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.

Mar 11, 20267 min read
Application Security

How to Secure REST APIs

REST APIs keep failing the same way: BOLA, weak auth, shadow endpoints. Real breaches (T-Mobile, Optus, Peloton) and concrete fixes for each.

Mar 10, 20267 min read
Application Security

What is Broken Object Level Authorization (BOLA)

BOLA lets attackers swap an object ID in an API request to pull someone else's data. Here's how it works, real breaches, and how to stop it.

Mar 9, 20267 min read
Industry Analysis

Broken Object Level Authorization (BOLA/IDOR) in APIs

BOLA/IDOR has topped the OWASP API Security Top 10 since 2019. Here's how USPS, Peloton, and Parler got breached by it—and how to catch it before you do.

Nov 7, 20258 min read
bola — Safeguard Blog