- DevSecOps: shifting security left into CI/CD pipelines, automated scanning, and compliance for APIs.
I'm really grateful to HAWD for building a program this thorough. API security finally clicked for me here and that's not something I say lightly.
#APISec @HackingAPIWDami
Just completed the 14-week @HackingAPIWDami program. We covered:
- REST API pen testing & OWASP API Top 10: not just theory, but actual hands-on labs exploiting the vulnerabilities that break real production APIs every day.
- Auth attacks: OAuth 2.0, JWT, and API keys.
Last week, I went from Apprentice to cracking Practitioner-level GraphQL labs on @PortSwigger
I learned how hidden endpoints get exposed, how private fields leak sensitive data, and how aliases can crush brute force protections. @HackingAPIWDami
Last week, I did a penetration test on an intentionally vulnerable LLM app (AIGoat) and the results were really eye-opening!
Prompt injection, data leakage, XSS via chatbot output, unauthorised refunds processed through conversation alone… the list goes on.
LLM security isn't a future problem. It's a RIGHT NOW problem. If your app has an AI chatbot and you haven't pen tested it? I think you should.
We (myself and fellow group mates) asked the chatbot to process someone else's refund. It did. No questions asked. 😬
I've just completed the LLM & NLP Security course on APISec University.
Artificial intelligence is reshaping how we build applications, but it's also reshaping how attackers exploit them. This course tackled one of the most timely and critical intersections in tech today.
- Error Handling: never leak details attackers can use
- Rate Limiting: cap abuse before it scales
- API Gateways: your first and strongest line of defense
- Monitoring: you can't secure what you can't see
If you work in development, DevOps, or security and haven't thought deeply about API security, now is the time. APIs are everywhere, and so are the vulnerabilities hiding inside them.
#API @HackingAPIWDami
Excited to share that I've just completed the 12-hour API Penetration Testing course on APISec University! 🎉
APIs are the backbone of modern applications and yet they remain one of the most overlooked attack surfaces in security today.
What stood out most was the practical sessions and emphasis on thinking like an attacker. Security isn't just about building walls, it's about understanding how those walls can be torn down, so you can build them stronger.
Good API documentation isn't just a nice-to-have. It's the difference between adoption and abandonment.
I recently took a course on API documentation, and this reminded me of a time I got stuck during a project implementation.
Finally, documentation is not a post-launch task. It's not something you hand off to a technical writer at the end of a sprint. It's a core part of your product, and it deserves the same attention, iteration, and care as the API itself.
@HackingAPIWDami #API
- Clear, human-readable error messages with context on how to fix them
- A guide that doesn't assume the reader already knows your system
- A sandbox or interactive environment to test calls without setting up a full integration
- Updated documentation (always review them)