SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • July 11, 2023

    Improve your API Security Testing with Burp BCheck Scripts

    Learn how to write your own Burp BCheck scripts to tap into the web vulnerability scanner to automate your API security testing.

  • July 4, 2023

    How to exploit an API using prototype pollution

    Learn how to use server-side prototype pollution (SSPP) to abuse an API written in NodeJS for privilege escalation and remote code execution.

  • June 27, 2023

    3 ways to use Common Attack Patterns to abuse an API

    How to use Common Attack Patterns to improve your API security testing methodology.

  • June 20, 2023

    A “cewl” way for API discovery

    Learn how to leverage CeWL to generate custom word lists from release notes, changelogs, and product roadmaps for use in API discovery.

  • June 13, 2023

    Grepping through API payloads with Gron

    Level up your API security testing skills by learning how to use Gron to grep through the JSON payloads of the API endpoints you are hacking.

  • June 6, 2023

    Avoiding the Apocalypse: A Guide to Finding Zombie APIs

    Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.

  • May 30, 2023

    The Lucrative Economics of API Hacking

    Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.

  • May 23, 2023

    Cross-Tenant Data Leaks (CTDL): Why API Hackers Should Be On The LookOut

    Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.

  • May 16, 2023

    How to get started as an API hacker

    Gain the necessary knowledge and skills you need to find your first security vulnerability in the APIs you are testing.

  • May 9, 2023

    Attacking APIs by tainting data in weird places

    Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.
