Add JWT and APISecurity.io

assets/blogposts.md

@@ -18,6 +18,7 @@ A collection of Blog Posts ordered by Vulnerability Types
 - [Automation](#Automation)
 - [Buffer Overflow](#Buffer-Overflow)
 - [IDOR](#IDOR)
+- [JWT](#JWT)
 - [GraphQL](#GraphQL)
 - [RCE](#RCE)
 - [Recon](#Recon)
@@ -124,6 +125,9 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 - [Automating BURP to find IDORs](https://medium.com/cyberverse/automating-burp-to-find-idors-2b3dbe9fa0b8) - [Aditya Soni](https://medium.com/@hetroublemakr)
 - [Another image removal vulnerability on Facebook](https://blog.darabi.me/2020/06/image-removal-vulnerability-on-facebook.html) - by Pouya
 
+## JWT
+- [Are You Properly Using JWTs?](https://youtu.be/M3jA0bGDCso) - OWASP AppSec California talk on JWT security and attacks
+
 ## GraphQL
 - [Private System Note Disclosure using GraphQL](https://hackerone.com/reports/633001) - Ron Chan
 - [Graphql Abuse to Steal Anyone’s Address](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - pratik yadav
@@ -163,4 +167,4 @@ You can find a ton of awesome XSS reports by searching through the HackerOne Hac
 
 
 ---
-back to [Intro Page](/README.md)
+back to [Intro Page](/README.md)

assets/media.md

@@ -68,6 +68,7 @@ The following list does not exclusively contains Bug Bounty themed Accounts but
 | Name                                                    | Topics                                                                       |
 | ------------------------------------------------------- | ---------------------------------------------------------------------------- |
 | [@Alyssa*Herrera*](https://twitter.com/Alyssa_Herrera_) | BB                                                                           |
+| [@APIsecurityio](https://twitter.com/APIsecurityio)     | API Security news, vulnerabilities, standards, best practices, talks, tools  |
 | [@Bugcrowd](https://twitter.com/Bugcrowd)               | BB, Platform                                                                 |
 | [@DailySwig](https://twitter.com/DailySwig)             | Web Technologie, News                                                        |
 | [@DanielMiessler](https://twitter.com/DanielMiessler)   | Security, Researcher, [SecLists](https://github.com/danielmiessler/SecLists) |
@@ -99,7 +100,7 @@ The following list does not exclusively contains Bug Bounty themed Accounts but
 | [@autothreat](https://twitter.com/autothreat)           | Hacking, Cars                                                                |
 | [@brutelogic](https://twitter.com/brutelogic)           | Researcher, Teaching, XSS                                                    |
 | [@ceos3c](https://twitter.com/ceos3c)                   | YouTuber, General Hacking, Teaching                                          |
-| [@codingo_](https://twitter.com/codingo_)                   | General Hacking, Bug Bounty, Coding                                         |
+| [@codingo_](https://twitter.com/codingo_)               | General Hacking, Bug Bounty, Coding                                          |
 | [@d0nutptr](https://twitter.com/d0nutptr)               | BB, Researcher, (Rust.)                                                      |
 | [@daeken](https://twitter.com/daeken)                   | BB, Researcher                                                               |
 | [@evilsocket](https://twitter.com/evilsocket)           | Hacking, Coding, Hardware, Tools                                             |
@@ -147,7 +148,8 @@ The following list does not exclusively contains Bug Bounty themed Accounts but
 - [Ceos3c](https://discord.gg/SBK3hkR)
 
 ## Misc
+ - [APIsecurity.io](https://apisecurity.io/) - weekly newsletter on API security
  - [ChaosComputerClub Germany Media Resources](https://media.ccc.de/) - bunch of conference talks and other media
  - [Phrack](http://www.phrack.org/)
 ---
-back to [Intro Page](/README.md)
+back to [Intro Page](/README.md)