Dana Epp's Blog
Security (de)engineering for fun and profit
Write your own extensions in Python to pwn your API targets with BurpSuite
Check out these 5 simple questions that will help make your API penetration testing engagement more successful.
Check out these three training resources that can help you with your API hacking tradecraft.
Let me tell you a story about the time I hacked into a .NET API through a bit of luck and reverse engineering.
Learn how to use out-of-band application security testing (OAST) to find more complex vulnerabilities in the APIs you test.
Learn how to extract API artifacts from a Docker image and decompile them to source code to find vulnerabilities using taint analysis.
Learn how to extract artifacts from OpenAPI docs using jq to help you attack APIs.
Learn three reasons why QA people should get into API hacking to help secure their company’s apps.
Learn how to find exploitable vulnerabilities in your APIs using taint analysis.
Check out the 3 cyber warfare books every API hacker should read to learn about offensive security, past, present, and future.