Escape - Application Security & Offensive Security Blog

Dive into the world of application security, offensive security, API security and GraphQL. Explore performance optimization, testing strategies, and best practices for building secure APIs & SPA.

Two Critical Vulnerabilities, One AI Pentester: How Cascade Found an Unauthenticated RCE and Walked Around the WAF
AI pentesting

TL;DR We pointed Cascade, Escape's AI pentesting solution, at a single Spring + JSP customer portal. It came back with two findings that are typically difficult for traditional Dynamic Application Security Testing (DAST) scanners to detect: * Unauthenticated RCE via SpEL injection. A ref request parameter was dropped, unsanitized,

  • Karim Rustom
Best API security testing tools in 2026: top picks, key features and expert comparison
API Security

When it comes to securing applications and APIs, the best API security testing tools are indispensable. These advanced solutions detect vulnerabilities by continuously scanning for weaknesses and simulating real-world attacks. But how do you choose between all API security testing vendors? Agentless API security tools are transforming application security by

  • Alexandra Charikova
  • Antoine Carossio