Dana Epp's Blog

Security (de)engineering for fun and profit

Hi, I’m Dana Epp.

I write this blog, build and break software for a living, and am a Microsoft Regional Director and Developer Security MVP.

#danaepp

You can subscribe to the API Hacker’s Inner Circle Newsletter here.

LATEST ARTICLES

Writing Burp Bambda Filters Like a Boss

Learn how to write your own Bambda filters in Burp Suite to do complex filtering of your proxy HTTP history.
Using Chaos Engineering To Hack An API

Learn how to use chaos engineering to break an API on purpose to find new types of vulnerabilities that you don’t normally find in testing.
Uncovering Elusive API Targets via VHOST Discovery

Learn how to uncover elusive dev, test, and production instances of an API hidden behind virtual hosting through VHOST discovery.

POPULAR ARTICLES

The Beginner’s Guide to API Hacking

How to get started with web API security testing.
API Security Testing: How to Use OWASP guidance as your blueprint

How to use OWASP guidance as your API security testing blueprint.
Exploit APIs with cURL

Learn how to use cURL in your exploits and demonstrate impact to the API vulnerabilities you find.