
Show HN: Openapi.security, a fast security checker for REST-based API https://ift.tt/rlQEGhk

tl;dr: we released openapi.security, an online tool that performs a dozen security tests on any given OpenAPI/Swagger-based API, with no signup or email required. You can try it here: https://ift.tt/vI5SjFg

My team at Escape (YC W23) is mainly focused on securing GraphQL APIs. For this, we developed a new approach called Feedback-Driven API Exploration. Basically, we infer the right security test cases to run using the specification and a carefully crafted in-house graph traversal algorithm. (It's a bit long to describe here, but we published a more in-depth explanation of how this algorithm works on our blog!)

We recently wondered if this Feedback-Driven Exploration approach could be efficiently applied to good old REST APIs as well. From our experience, well-designed GraphQL and REST APIs are quite equivalent: both have an organized data structure and explicit relationships between objects. So why wouldn't it work?

We often organise internal hackathons. So this time, we focused on this experiment, adapting our algorithm to REST, and ended up creating our last side project: OpenAPI.security.

It is a very simple tool: anybody can enter an OpenAPI / Swagger spec, and openapi.security will run a bunch of security tests on it and give back a report. It's designed to be fast and smart in the way it analyzes input specs.

February 15, 2023 at 12:58AM
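As an added illustration (not Escape's code; the post does not detail their algorithm), here is one way a spec-driven explorer can turn the "explicit relationships between objects" in an OpenAPI document into an ordered test plan: path parameters are consumers, 2xx response schemas are producers (the naming rule "schema `User` supplies `userId`" is an assumed heuristic), and a topological walk orders requests so each one has the values it needs, while parameters no operation produces are flagged as needing seed values. The spec is constructed for the example.

```python
from collections import defaultdict, deque

# Constructed toy OpenAPI document (not a real service). Only the keys the
# walk reads are present: operationId, path parameters, 2xx response schema.
REF = "#/components/schemas/"
def op(oid, params=(), returns=None):
    o = {"operationId": oid, "parameters": [{"name": p, "in": "path"} for p in params]}
    if returns:
        o["responses"] = {"201": {"content": {"application/json": {"schema": {"$ref": REF + returns}}}}}
    return o

SPEC = {"paths": {
    "/users": {"post": op("createUser", returns="User"), "get": op("listUsers")},
    "/users/{userId}": {"get": op("getUser", ["userId"]), "delete": op("deleteUser", ["userId"])},
    "/users/{userId}/posts": {"post": op("createPost", ["userId"], returns="Post")},
    "/posts/{postId}": {"get": op("getPost", ["postId"])},
    "/orgs/{orgId}": {"get": op("getOrg", ["orgId"])},  # nothing in the spec creates an org
}}

def build_graph(spec):
    """ops: id -> 'METHOD path'; needs: id -> path params; makes: param -> producing op."""
    ops, needs, makes = {}, defaultdict(set), {}
    for path, methods in spec["paths"].items():
        for method, o in methods.items():
            oid = o["operationId"]; ops[oid] = f"{method.upper()} {path}"
            needs[oid] = {p["name"] for p in o.get("parameters", []) if p["in"] == "path"}
            for code, r in o.get("responses", {}).items():
                if code.startswith("2"):
                    for media in r.get("content", {}).values():
                        ref = media.get("schema", {}).get("$ref", "")
                        if ref.startswith(REF):  # assumed heuristic: "User" -> "userId"
                            name = ref[len(REF):]; makes[name[0].lower() + name[1:] + "Id"] = oid
    return ops, needs, makes

def plan(spec):
    """Kahn's topological order over producer->consumer edges; unseeded params reported."""
    ops, needs, makes = build_graph(spec)
    deps = {o: {makes[p] for p in needs[o] if p in makes} for o in ops}
    unseeded = {o: ps for o in ops if (ps := sorted(p for p in needs[o] if p not in makes))}
    indeg = {o: len(d) for o, d in deps.items()}
    q, order = deque(sorted(o for o in ops if indeg[o] == 0)), []
    while q:
        o = q.popleft(); order.append(o)
        for c in sorted(ops):              # release consumers whose producers all ran
            if o in deps[c]:
                indeg[c] -= 1
                if indeg[c] == 0: q.append(c)
    return order, unseeded                 # len(order) < len(ops) would mean a cycle
```

Running `plan(SPEC)` schedules `createUser` before every `/users/{userId}` operation and `createPost` before `getPost`, and reports `getOrg` as needing a seeded `orgId`.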
