Dana Epp, Author at Dana Epp's Blog

Learn how to set up your hacking environment to attack mobile apps & APIs running on modern versions of Android with Burp Suite.

Learn why the X-Bug-Bounty custom HTTP header can be helpful during your bug bounty engagements with a target.

Gain a competitive edge over other security researchers by detecting changes to APIs before others even know about them by using oasdiff.

Let’s look at Tracfone’s $16 million settlement with the FCC to understand why API security testing matters.

Learn how to map MITRE CAPEC attack patterns to STRIDE threat model categories and improve your approach to security testing.

Learn how to conduct covert data exfiltration within JSON payloads of an API response.

Learn how to fuzz JSON to find security vulnerabilities in the APIs you are hacking with the help of a custom wordlist and Param Miner.

Learn how to use Param Miner to find hidden parameters that may help manipulate an API in unintended ways, revealing potential security flaws.

Learn how to weaponize API discovery metadata to improve your recon of the APIs you are hacking or conducting security testing on.

Learn why HTTPie is a great replacement for curl and how to use it when conducting your own API security testing.

Author: Dana Epp