Author: Dana Epp

• April 18, 2023

  How to use GPG as a security researcher

  

  Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
• April 11, 2023

  Exploiting Server Side Request Forgery (SSRF) in an API

  

  Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.
• April 4, 2023

  “Pay peanuts, Get monkeys”: The API Penetration Testing Pricing Dilemma

  

  Learn how to assess the real costs for application security assessments that include proper penetration testing.
• March 28, 2023

  How Adversaries Attack APIs Through Dependencies

  

  We must become curators of API dependencies, NOT consumers!!
• March 21, 2023

  Why writing API exploits is important when reporting vulnerabilities

  

  Learn why it’s important to include a working exploit in your vulnerability report and how to protect it so others don’t weaponize it.
• March 14, 2023

  Is Offensive AI Going to be a Problem for API Hackers?

  

  Learn the ins and outs of offensive AI and how API hackers can benefit from it.
• March 7, 2023

  OWASP API Security Top 10: Upcoming Changes You Need To Know About

  

  Check out these changes coming to the OWASP API Security Top 10 list!
• February 28, 2023

  An API Security Testing Checklist… with a twist

  

  Learn how to look more offensively at API security testing and apply the concept of common attack pattern enumeration to your checklists.
• February 21, 2023

  Analyzing Your Existing API Testing Through a Security Lens

  

  Learn how to look at your API testing through a security lens to get the best code coverage and approach it with offensive security in mind.
• February 14, 2023

  Exploiting embedded APIs by dumping firmware

  

  Hack the hardware to find the firmware and swipe the source code of APIs under security testing.