Hi, I’m Dana Epp.

I write this blog, build and break software for a living, and am a Microsoft Developer Security MVP.

Learn how to stay professionally detached from the vulnerabilities you discover and disclose as part of your security research.

by Dana Epp November 26, 2024November 19, 2024

Learn why shadow APIs sometimes provide a defenseless path for threat actors, and learn what YOU can do about it.

by Dana Epp November 19, 2024November 12, 2024

Let’s explore the latest book by Packt Publishing on “Pentesting APIs” and see if it’s worth putting on an API hacker’s bookshelf.

by Dana Epp November 12, 2024November 8, 2024

Learn how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing.

by Dana Epp November 5, 2024November 2, 2024

Learn how to cross-reference Known Exploit Vulnerabilities (KEV) against CWE to find the best attack vectors to use during security testing.

by Dana Epp October 29, 2024October 28, 2024

Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack.

by Dana Epp October 22, 2024October 11, 2024

Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API.

by Dana Epp October 15, 2024October 6, 2024

Learn five tips that will help improve the API exploits you submit into security triage as part of your vulnerability research.

by Dana Epp October 8, 2024September 29, 2024