SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • June 18, 2024

    3 ways to improve appsec code auditing with graudit

    Learn how to improve your application security code reviews with the help of tools like graudit.

  • June 11, 2024

    7 Deadly Sins of API Security Testing

    Explore the misconceptions and anti-patterns of applying security testing to APIs, and how to address them.

  • June 4, 2024

    Why HAST is important to API hackers

    Learn why Human Application Security Testing (HAST) is important to API hackers.

  • May 28, 2024

    Writing Burp extensions in Kotlin

    Learn how to write Burp Suite extensions using the new Montoya API with Kotlin and Visual Studio Code (VS Code).

  • May 21, 2024

    Sensitive Data Detection using AI for API Hackers

    Learn how to use artificial intelligence (AI) to discover sensitive data in the APIs you are hacking with the help of Microsoft Presidio.

  • May 14, 2024

    Reverse Engineering Electron Apps to Discover APIs

    Learn how to reverse engineer an Electron app to find artifacts like source code and API endpoints, and capture live traffic with Burp Suite.

  • May 7, 2024

    Guts & Greed: How Bug Hunter Arrogance and Apathy Hurts Us All

    Explore why bug hunters should be more patient as vendors try to improve their application security maturity from a VDP to a BBP.

  • April 30, 2024

    Finding Attack Vectors using API Linting

    Learn how to weaponize developer tools used for API linting to find attack vectors in the APIs you are hacking.

  • April 23, 2024

    5 Tips for API Hackers on Picking Your First Target

    Check out these five tips to help you pick your first target when starting bug bounty hunting against APIs.

  • April 16, 2024

    Is Bruno a good Postman alternative for API hacking?

    Follow my journey as I try Bruno for the first time and see if it’s a good alternative to Postman for API hacking.
