Author: Dana Epp

• June 18, 2024

  3 ways to improve appsec code auditing with graudit

  

  Learn how to improve your application security code reviews with the help of tools like graudit.
• June 11, 2024

  7 Deadly Sins of API Security Testing

  

  Explore the misconceptions and anti-patterns of applying security testing to APIs, and how to address them.
• June 4, 2024

  Why HAST is important to API hackers

  

  Learn why Human Application Security Testing (HAST) is important to API hackers.
• May 28, 2024

  Writing Burp extensions in Kotlin

  

  Learn how to write Burp Suite extensions using the new Montoya API with Kotlin and Visual Studio Code (VS Code)
• May 21, 2024

  Sensitive Data Detection using AI for API Hackers

  

  Learn how to use artificial intelligence (AI) to discover sensitive data in the APIs you are hacking with the help of Microsoft Presidio.
• May 14, 2024

  Reverse Engineering Electron Apps to Discover APIs

  

  Learn how to reverse engineer an Electron app to find artifacts like source code and API endpoints, and capture live traffic with Burp Suite.
• May 7, 2024

  Guts & Greed: How Bug Hunter Arrogance and Apathy Hurts Us All

  

  Explore why bug hunters should be more patient as vendors try to improve their application security maturity from a VDP to a BBP.
• April 30, 2024

  Finding Attack Vectors using API Linting

  

  Learn how to weaponize developer tools used for API linting to find attack vectors in the APIs you are hacking.
• April 23, 2024

  5 Tips for API Hackers on Picking Your First Target

  

  Check out these five tips to help you pick your first target when starting bug bounty hunting against APIs.
• April 16, 2024

  Is Bruno a good Postman alternative for API hacking?

  

  Follow my journey as I try Bruno for the first time and see if it’s a good alternative to Postman for API hacking.