SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • June 6, 2023

    Avoiding the Apocalypse: A Guide to Finding Zombie APIs

    Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.

  • May 30, 2023

    The Lucrative Economics of API Hacking

    Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.

  • May 23, 2023

    Cross-Tenant Data Leaks (CTDL): Why API Hackers Should Be On The LookOut

    Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.

  • May 16, 2023

    How to get started as an API hacker

    Gain the necessary knowledge and skills you need to find your first security vulnerability in the APIs you are testing.

  • May 9, 2023

    Attacking APIs by tainting data in weird places

    Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.

  • May 2, 2023

    The Security Researcher’s Guide to Reporting Vulnerabilities to Vendors

    Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.

  • April 25, 2023

    Finding API secrets in hidden layers within Docker containers

    Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.

  • April 18, 2023

    How to use GPG as a security researcher

    Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.

  • April 11, 2023

    Exploiting Server Side Request Forgery (SSRF) in an API

    Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.

  • April 4, 2023

    “Pay peanuts, Get monkeys”: The API Penetration Testing Pricing Dilemma

    Learn how to assess the real costs for application security assessments that include proper penetration testing.
