SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • January 17, 2023

    A Step-by-Step Guide to Writing Extensions for API Pentesting in BurpSuite

    Write your own extensions in Python to pwn your API targets with BurpSuite

  • January 10, 2023

    5 simple questions to make your API pentest more successful

    Check out these 5 simple questions that will help make your API penetration testing engagement more successful.

  • January 3, 2023

    3 training resources to improve your API hacking tradecraft

    Check out these three training resources that can help you with your API hacking tradecraft.

  • December 27, 2022

    Hacking a .NET API in the real world

    Let me tell you a story about the time I hacked into a .NET API through a bit of luck and reverse engineering.

  • December 20, 2022

    How to use OAST to detect vulnerabilities in an API

    Learn how to use out-of-band application security testing (OAST) to find more complex vulnerabilities in the APIs you test.

  • December 13, 2022

    Defeating a dockerized API to get access to source code

    Learn how to extract API artifacts from a docker image and decompile them to source code to find vulnerabilities using taint analysis.

  • December 6, 2022

    How to extract artifacts from OpenAPI docs to help attack APIs

    Learn how to extract artifacts from OpenAPI docs using jq to help you attack APIs

  • November 29, 2022

    3 reasons why QA people should get into API hacking

    Learn three reasons why QA people should get into API hacking to help secure their company’s apps.

  • November 22, 2022

    Tracing API exploitability through code review and taint analysis

    Learn how to find exploitable vulnerabilities in your APIs using taint analysis.

  • November 15, 2022

    3 Cyber Warfare Books Every API Hacker Should Read Over The Holidays

    Check out the 3 cyber warfare books every API hacker should read to learn about offensive security, past, present, and future.
