Dana Epp's Blog
Security (de)engineering for fun and profit
Explore using the no-code programming environment in Postman Flows to visually design and run API exploits as part of your security research.
Learn why API hacking should be a critical component of your web app security testing process.
Learn how to use the generative AI models built into Postman to quickly build tests to check for vulnerabilities in the APIs you are testing.
Learn how to use Noir for attack surface detection on the APIs you are security testing.
Learn how to leverage a command injection vulnerability found in an API to gain a reverse shell to a server with nothing more than cURL.
Embrace failure. Explore how mistakes and setbacks can fuel innovation, refine skills, and deepen understanding in the world of API hacking.
Learn how to set up your own wiretaps on compromised web servers to remotely collect sensitive data for use in API privesc.
A good report title is so clear and concise that anyone reading it understands the issue immediately. Learn how to write vulnerability report titles that don’t suck!
Learn how to get the most out of the reporting capabilities built into PortSwigger’s Burp Suite Professional.
Check out this curated list of FREE resources you can use to master Burp Suite for web app and API security testing.