Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to write your own Burp BCheck scripts to tap into the web vulnerability scanner to automate your API security testing.
Learn how to use server-side prototype pollution (SSPP) to abuse an API written in Node.js for privilege escalation and remote code execution.
How to use Common Attack Patterns to improve your API security testing methodology.
Learn how to leverage CeWL to generate custom word lists from release notes, changelogs, and product roadmaps for use in API discovery.
Level up your API security testing skills by learning how to use Gron to grep through the JSON payloads of the API endpoints you are hacking.
Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.
Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.
Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.
Gain the necessary knowledge and skills you need to find your first security vulnerability in the APIs you are testing.
Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.