

Episode 108: New tales from the trenches!
Sep 18, 2024
Dive into the world of penetration testing with hands-on experiences at a financial institution, revealing how GraphQL challenges security. Discover the importance of securing JWTs and SMTP servers to prevent email vulnerabilities. Explore the complexities of API security and the advantages of certificate-based authentication for SSH. Learn about the risks institutions face from user enumeration and the need for robust identity safeguards. Finally, understand why a layered security strategy is essential, extending beyond just multi-factor authentication.
Chapters
Intro
00:00 • 5min
Securing JWTs and SMTP Vulnerabilities
05:30 • 8min
Securing APIs and SSH: Challenges and Solutions
13:39 • 6min
Understanding Enumeration Vulnerabilities
20:08 • 7min
Identities at Risk: The Vulnerabilities of Institutions
26:46 • 6min
Enhancing Security: Beyond Multi-Factor Authentication
32:51 • 6min