Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.
Learn how to assess the real costs for application security assessments that include proper penetration testing.
We must become curators of API dependencies, NOT consumers!!
Learn why it’s important to include a working exploit in your vulnerability report and how to protect it so others don’t weaponize it.
Learn the ins and outs of offensive AI and how API hackers can benefit from it.
Check out these changes coming to the OWASP API Security Top 10 list!
Learn how to look more offensively at API security testing and apply the concept of common attack pattern enumeration to your checklists.