The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
API Security Assessment - REST and GraphQL Endpoints
Performed a black-box API security assessment covering REST and GraphQL endpoints for a fintech platform. Identified BOLA/IDOR vulnerabilities allowing unauthorized access to other users financial data, mass assignment flaws exposing admin-only fields, broken function-level authorization on privileged endpoints, and GraphQL introspection exposing internal schema. Also found SSRF via webhook URL parameter and JWT algorithm confusion (RS256 to HS256).
Delivered OWASP API Top 10 aligned report with curl-based PoC for each finding and remediation guidance.
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Related posts
Build the website whose conversion rates are through the roof! Attracting Millions of organic traffic, all thanks to the well optimized SEO.
The website is small and to the point when it comes to conversion.
Meet Hex Security, a YC backed cybersecurity company.
Here's a small case study:
The restrained approach for a cybersecurity brand makes sense. SEO-focused landing pages for YC companies tend to work best when the copy does the heavy lifting, not the visuals. Curious how the conversion rate compares before and after.
RiskClearAI - AI-Powered Contract Review Platform
RiskClearAI is a SaaS platform that analyzes construction contracts using AI to identify risks, missing clauses and compliance issues. The platform processes uploaded contracts, extracts clauses, classifies risk categories and generates actionable insights to help contractors make informed decisions before signing agreements.
Trending
Claude
Claude has entered the design space. How are you using Claude Design?
Contra University
Learn from expert creatives how to earn more using next-gen AI tools.
MagicPath
The canvas is infinite, and exploration is becoming the workflow. How are you using MagicPath?
creativeaiflow
Creative AI workflows are evolving. What tools do you use, and what are their strengths and weaknesses?
freelancerlife
Freelancer life is wins, pivots, and everything in between. What’s yours right now?
