-
How to use Azure to crack API auth tokens
Learn how to crack API auth tokens using Azure cloud computing.
-
Why API hacking is NOT a crime
API hacking is NOT a crime. Hackers are not criminals. Criminals are criminals. And if you see it any other way, you can byte me.
-
The API Hacker’s Guide to Payload Injection with Postman
Learn how to use Postman to attack APIs with payload injection.
-
How to find access control issues in APIs
Learn how to hack APIs by exploiting authorization vulnerabilities.
-
5 Books Every API Hacker Should Read
Check out the 5 essential books that every API hacker should read and keep on their bookshelf.
-
The Bug Bounty Dilemma: When to give up on an API target
Hacking APIs for fun and profit requires you to know how long to stay on target, and knowing when to give up. Let’s discuss.
-
How to craft rogue API docs for a target when they don’t exist
Learn how to reverse engineer an undocumented API using your own rogue docs.
-
How to Detect the Programming Language of an API
Learn 3 tricks that can help you discover the language an API was written in.
-
Hardcoded cloud creds prove it’s easy for API hackers to win
Learn how API keys and tokens are being baked into mobile apps, and how you can win on #redteam because of this oversight.
Dana Epp's Blog
Security (de)engineering for fun and profit
