-
Writing API exploits using Postman Flows
Explore using the no-code programming environment in Postman Flows to visually design and run API exploits as part of your security research.
-
Why API Hacking is Critical to Web App Security Testing
Learn why API hacking should be an important and critical component of your web app security testing process.
-
API Security Testing using AI in Postman
Learn how to use the generative AI models built into Postman to quickly build tests to check for vulnerabilities in the APIs you are testing.
-
API Attack Surface Detection using Noir
Learn how to use Noir for attack surface detection on the APIs you are currently conducting security testing on.
-
Mastering API Exploitation: Crafting Reverse Shells via cURL
Learn how to leverage a command injection vulnerability found in an API to gain a reverse shell to a server with nothing more than cURL.
-
Why API hackers should embrace failure
Embrace failure. Explore how mistakes and setbacks can fuel innovation, refine skills, and deepen understanding in the world of API hacking.
-
My secret to API privesc: Tapping compromised web servers
Learn how to set up your own wiretaps on compromised web servers to remotely collect sensitive data for use in API privesc.
-
Why Your Vulnerability Report Titles Suck, and What to Do About It
A good report title is so clear and concise that anyone reading it understands the issue immediately. Learn how to write vulnerability report titles that don’t suck!
-
Here’s how I get the most out of Burp Suite reporting
Learn how to get the most out of the reporting capabilities built into PortSwigger’s Burp Suite Professional.
-
The Ultimate Guide to Learning Burp Suite for FREE
Check out this curated list of FREE resources you can use to master Burp Suite for web app and API security testing.
Dana Epp's Blog
Security (de)engineering for fun and profit