-
Using a Flipper Zero to access API source code on IoT devices
Hacking APIs on IoT devices using a Flipper Zero
-
Why you should never trust PoC exploits on GitHub
Read this to understand why you should never blindly trust proof of concept (PoC) exploits shared on GitHub.
-
A Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite
Write your own extensions in Python to pwn your API targets with BurpSuite
-
5 simple questions to make your API pentest more successful
Check out these 5 simple questions that will help make your API penetration testing engagement more successful.
-
3 training resources to improve your API hacking tradecraft
Check out these three training resources that can help you with your API hacking tradecraft.
-
Hacking a .NET API in the real world
Let me tell you a story about the time I hacked into a .NET API through a bit of luck and reverse engineering.
-
How to use OAST to detect vulnerabilities in an API
Learn how to use out-of-band application security testing (OAST) to find more complex vulnerabilities in the APIs you test.
-
Defeating a dockerized API to get access to source code
Learn how to extract API artifacts from a docker image and decompile them to source code to find vulnerabilities using taint analysis.
-
How to extract artifacts from OpenAPI docs to help attack APIs
Learn how to extract artifacts from OpenAPI docs using jq to help you attack APIs
-
3 reasons why QA people should get into API hacking
Learn three reasons why QA people should get into API hacking to help secure their company’s apps.
Dana Epp's Blog
Security (de)engineering for fun and profit