Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to write your own Bambda filters in Burp Suite to do complex filtering of your proxy HTTP history.
Learn how to use chaos engineering to break an API on purpose to find new types of vulnerabilities that you don’t normally find in testing.
Learn how to uncover elusive dev, test, and production instances of an API hidden behind virtual hosting through VHOST discovery.
Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.
Explore five ways that you can improve your GraphQL hacking skills, and learn how to practice your newly found skills in a safe way.
Learn how to use the AI in Eyeballer from Bishop Fox to help identify interesting targets during recon of your web apps & APIs.
Learn how to use adversarial thinking with OWASP and MITRE to better approach security testing of your web apps and APIs.
Learn how to prove API exploitability using Burp Collaborator for out-of-band application security testing (OAST).
Learn how to leverage the Exploit Prediction Scoring System (EPSS) to identify the vulnerabilities in your APIs that are most exploitable.
Learn how to create mind maps that can help you improve your API hacking methodology during security testing and pentest engagements.