-
The Security Researcher’s Guide to Reporting Vulnerabilities to Vendors
Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
-
Finding API secrets in hidden layers within Docker containers
Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
-
How to use GPG as a security researcher
Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
-
Exploiting Server Side Request Forgery (SSRF) in an API
Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.
-
“Pay peanuts, Get monkeys”: The API Penetration Testing Pricing Dilemma
Learn how to assess the real costs for application security assessments that include proper penetration testing.
-
How Adversaries Attack APIs Through Dependencies
We must become curators of API dependencies, NOT consumers!!
-
Why writing API exploits is important when reporting vulnerabilities
Learn why it’s important to include a working exploit in your vulnerability report and how to protect it so others don’t weaponize it.
-
Is Offensive AI Going to be a Problem for API Hackers?
Learn the ins and outs of offensive AI and how API hackers can benefit from it.
-
OWASP API Security Top 10: Upcoming Changes You Need To Know About
Check out these changes coming to the OWASP API Security Top 10 list!
-
An API Security Testing Checklist… with a twist
Learn how to look more offensively at API security testing and apply the concept of common attack pattern enumeration to your checklists.
Dana Epp's Blog
Security (de)engineering for fun and profit