Next Orbit

Author Archives: Gaurav Dhy

How to Catch the Bad Guys Before They Crash Your Code Party

The Bug Hunter’s Toolkit: Your First Guide to Application Security Testing You’ve just built your first real application. It works flawlessly on your machine, the features shine, and you’re ready to show it off. Here’s the twist: your beautiful, functional … Read More

The Trust Equation: How Policy-as-Code Solves the Great Balancing Act

There’s a moment in every growing organization when the honeymoon ends. It happens gradually, then suddenly. Developers who once moved at lightning speed find themselves tangled in approval chains. Security teams become the “Department of No.” Finance discovers cost overruns … Read More

Signals & Stories: What the Slot Machine Taught About CI/CD

Someone told me that the power of feedback loops they first noticed not in a data center, but in a casino. Drop a coin into a slot machine, pull the lever, and within seconds, the outcome is clear – no … Read More

OWASP API TOP 10: #1 API Security Risk: Broken Object Level Authorization

Part 10 of our OWASP API Security Top 10 Deep Dive Series The Object Heist: How API1:2023 Turned Digital IDs Into Master Keys The Great ID Switcheroo You walk into a hotel, flash your room key, and head toward the … Read More

OWASP API TOP 10: #2 API Security Risk: The Authentication Paradox

Part 9 of our OWASP API Security Top 10 Deep Dive Series How API2:2023 Became the Gateway to Digital Chaos In today’s digital ecosystem, where an overwhelming majority of organizations face API security problems in production, one vulnerability stands as … Read More

OWASP API TOP 10: #3 API Security Risk: Broken Object Property Level Authorization

Part 8 of our OWASP API Security Top 10 Deep Dive Series The Doctor’s Dilemma Imagine visiting a new doctor for a routine check-up. You share basic health details, height, weight, and medications – all needed to provide good care. … Read More

Discover how APIs’ “digital generosity” can become a weapon. Learn what Unrestricted Resource Consumption is, real-world examples, and how to protect your API with intelligent boundaries and resource limits.

OWASP API TOP 10: #4 API Security Risk: Unrestricted Resource Consumption

Part 7 of our OWASP API Security Top 10 Deep Dive Series The Generosity Trap: When Digital Hospitality Becomes a Weapon The All-You-Can-Eat Dilemma Picture your favorite neighborhood restaurant – the one with warm lighting, friendly servers, and generous portions. … Read More

OWASP API TOP 10: #5 API Security Risks: Broken Function Level Authorization

Part 6 of our OWASP API Security Top 10 Deep Dive Series Here’s a simple question that reveals a dangerous assumption in modern software: Who decides what you’re allowed to do? In the physical world, this question has obvious answers. … Read More

OWASP API Top 10. Number Six.

OWASP API TOP 10: #6 API Security Risk: Unrestricted Access to Sensitive Business Flows

Part 5 of our OWASP API Security Top 10 Deep Dive Series The Speed of Greed: How Bots Hijack Your Business Logic Every music fan knows the drill. Your favorite artist announces a tour. Tickets go on sale Friday at … Read More

OWASP API TOP 10: #7 API Security Risk: Server Side Request Forgery

Part 4 of our OWASP API Security Top 10 Deep Dive Series The Puppet Master’s Paradox: When SSRF Turns APIs into Accomplices Imagine you’re at a party, and someone approaches you with a simple request:“Hey, could you ask Sarah over … Read More