Meet the Developers!

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


Data, data, everywhere. How the lack of rate limiting contributes to severe security issues.

Photo by Ludovic Charlet on Unsplash

You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level Authorization, Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging & Monitoring.

Many of these vulnerabilities affect application components besides APIs as well, but they tend to manifest themselves in APIs. Last time, we talked about a…


XSS, RCE, SQL injection. Diving into the root of injection vulnerabilities.

Photo by Manuel Chinchilla on Unsplash

What do SQL injections, command injections, and cross-site scripting have in common? The answer is that they are all injection vulnerabilities!

Lately, I have been thinking a lot about how to teach security. And something I think is really important when learning about security is understanding the fundamentals of why something is happening. So instead of learning about a singular technique or vulnerability class, you want to understand the underlying mechanisms of what caused these issues and why a certain attack is working the way it is.

The fundamentals of injections

Injection issues are super common. They are the underlying issue for a huge…


Dating 101

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


Hey, I found your access tokens on your profile page.

Photo by Rachel LaBuda on Unsplash

You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level Authorization, Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging & Monitoring.

Many of these vulnerabilities affect application components besides APIs as well, but they tend to manifest themselves in APIs. Last time, we talked about broken…


No Time For Love

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


How attackers hack API authentication. Are you who you say you are?

Photo by Markus Spiske on Unsplash

You’ve probably heard of the OWASP top ten or the top ten vulnerabilities that threaten web applications. OWASP also periodically selects a list of top ten vulnerabilities that threaten APIs, called the OWASP API top ten. The current API top ten are Broken Object Level Authorization, Broken User Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level Authorization, Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging & Monitoring.

Many of these vulnerabilities affect application components besides APIs, but they tend to manifest themselves in APIs. …


The eternal struggles of Dev Life

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.


An API Objects Free-For-All

Photo by CHUTTERSNAP on Unsplash

I got really into studying API security recently. While working on the first draft of my book, my technical editor, Aaron Guzman, pointed out that my book on web security needed an API chapter to be complete.

And he has a great point. As modern applications become more complex, they are increasingly built using APIs. And more and more so, APIs have the ability to execute important actions or communicate sensitive information. This makes API bugs a widespread source of security breaches and data leaks. …


Problem Solved

Main Branch is a comic strip for developers produced by James Gilbreath, Jason Green, and Vickie Li.

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7
