-
A Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite
Write your own extensions in Python to pwn your API targets with BurpSuite
-
5 simple questions to make your API pentest more successful
Check out these 5 simple questions that will help make your API penetration testing engagement more successful.
-
3 training resources to improve your API hacking tradecraft
Check out these three training resources that can help you with your API hacking tradecraft.
-
Hacking a .NET API in the real world
Let me tell you a story about the time I hacked into a .NET API through a bit of luck and reverse engineering.
-
How to use OAST to detect vulnerabilities in an API
Learn how to use out-of-band application security testing (OAST) to find more complex vulnerabilities in the APIs you test.
-
Defeating a dockerized API to get access to source code
Learn how to extract API artifacts from a docker image and decompile them to source code to find vulnerabilities using taint analysis.
-
How to extract artifacts from OpenAPI docs to help attack APIs
Learn how to extract artifacts from OpenAPI docs using jq to help you attack APIs
-
3 reasons why QA people should get into API hacking
Learn three reasons why QA people should get into API hacking to help secure their company’s apps.
-
Tracing API exploitability through code review and taint analysis
Learn how to find exploitable vulnerabilities in your APIs using taint analysis.
-
3 Cyber Warfare Books Every API Hacker Should Read Over The Holidays
Check out the 3 cyber warfare books every API hacker should read to learn about offensive security, past, present, and future.
Dana Epp's Blog
Security (de)engineering for fun and profit