Dana Epp's Blog

Security (de)engineering for fun and profit

Hi, I’m Dana Epp.

I write this blog, build and break software for a living, and am a Microsoft Regional Director and Developer Security MVP.

#danaepp

You can subscribe to the API Hacker’s Inner Circle Newsletter here.

LATEST ARTICLES

Avoiding the Apocalypse: A Guide to Finding Zombie APIs

Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.
The Lucrative Economics of API Hacking

Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.
Cross-Tenant Data Leaks (CTDL): Why API Hackers Should Be On The LookOut

Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.

POPULAR ARTICLES

The Beginner’s Guide to API Hacking

How to get started with web API security testing.
API Security Testing: How to Use OWASP guidance as your blueprint

How to use OWASP guidance as your API security testing blueprint.
Exploit APIs with cURL

Learn how to use cURL in your exploits and demonstrate impact to the API vulnerabilities you find.