SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • January 30, 2024

    Detecting Uncommon Headers in an API using Burp Bambda Filters

    Learn how to write Bambda filters in Burp Suite that can automatically detect uncommon headers in the APIs you are testing.

  • January 23, 2024

    From Tsunami to Twitter: How Rigorous API Testing Can Prevent Critical System Outages During Disasters

    Restricting emergency alerts during a disaster due to rate limiting is in itself a disaster. Learn how to look for this during your API testing.

  • January 16, 2024

    The No-Nonsense Guide to Bypassing API Auth Using NoSQL Injection

    Use this simple guide to learn how to use NoSQL injection to bypass the authentication in the APIs you are testing.

  • January 10, 2024

    Beyond the Crystal Ball: What API security may look like in 2024

    No soothsayer can predict what the threat landscape may look like in 2024. But check out these predictions of what API security may look like.

  • January 2, 2024

    Exploiting an API with Structured Format Injection

    Learn how to use Structured Format Injection (SFI) through Server Side Parameter Pollution (SSPP) to exploit an API.

  • December 19, 2023

    That time I broke into an API and became a billionaire

    Read an intriguing real-world story about how tainted data and API abuse can lead to the perfect digital bank heist.

  • December 12, 2023

    Finding “dark data” in an API

    Learn how to find “dark data” in the responses to API calls you make during your security testing engagements.

  • December 5, 2023

    Writing Burp Bambda Filters Like a Boss

    Learn how to write your own Bambda filters in Burp Suite to do complex filtering of your proxy HTTP history.

  • November 28, 2023

    Using Chaos Engineering To Hack An API

    Learn how to use chaos engineering to break an API on purpose to find new types of vulnerabilities that you don’t normally find in testing.

  • November 21, 2023

    Uncovering Elusive API Targets via VHOST Discovery

    Learn how to uncover elusive dev, test, and production instances of an API hidden behind virtual hosting through VHOST discovery.
