Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.
Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.
Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.
Gain the necessary knowledge and skills you need to find your first security vulnerability in the APIs you are testing.
Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.
Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
Learn how to find and extract sensitive secrets and API source code hidden within the layers of Docker container images.
Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.
Learn how to assess the real costs of application security assessments that include proper penetration testing.