Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to write Bambda filters in Burp Suite that can automatically detect uncommon headers in the APIs you are testing.
Restricting emergency alerts during a disaster due to rate limiting is in itself a disaster. Learn how to look for this during your API testing.
Use this simple guide to learn how to use NoSQL injection to bypass the authentication in the APIs you are testing.
No soothsayer can predict what the threat landscape may look like in 2024. But check out these predictions of what API security may look like.
Learn how to use Structured Format Injection (SFI) through Server Side Parameter Pollution (SSPP) to exploit an API.
Read an intriguing real-world story about how tainted data and API abuse can lead to the perfect digital bank heist.
Learn how to find “dark data” in the responses to API calls you make during your security testing engagements.
Learn how to write your own Bambda filters in Burp Suite to do complex filtering of your proxy HTTP history.
Learn how to use chaos engineering to break an API on purpose to find new types of vulnerabilities that you don’t normally find in testing.
Learn how to uncover elusive dev, test, and production instances of an API hidden behind virtual hosting through VHOST discovery.