SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • September 30, 2022

    How to find access control issues in APIs

    Learn how to hack APIs by exploiting authorization vulnerabilities.

  • September 27, 2022

    5 Books Every API Hacker Should Read

    Check out the 5 essential books that every API hacker should read and keep on their bookshelf.

  • September 23, 2022

    The Bug Bounty Dilemma: When to give up on an API target

    Hacking APIs for fun and profit requires knowing how long to stay on target and when to give up. Let’s discuss.

  • September 20, 2022

    How to craft rogue API docs for a target when they don’t exist

    Learn how to reverse engineer an undocumented API using your own rogue docs.

  • September 16, 2022

    How to Detect the Programming Language of an API

    Learn 3 tricks that can help you discover the language an API was written in.

  • September 13, 2022

    Hardcoded cloud creds prove it’s easy for API hackers to win

    Learn how API keys and tokens are being baked into mobile apps, and how you can win on #redteam because of this oversight.

  • September 9, 2022

    How to Make Money Hacking APIs

    Learn about the careers you can get into to make money hacking APIs.

  • September 6, 2022

    Hackers abuse Yandex Taxi app API, causing massive traffic jam in Moscow

    When APIs are used as binary bullets in cyber warfare, we should all take notice. Read up on the latest hacks in the Anonymous vs Russia saga.

  • September 2, 2022

    Exploit APIs with cURL

    Learn how to use cURL in your exploits and demonstrate the impact of the API vulnerabilities you find.

  • August 30, 2022

    API Security Testing: How to Use OWASP guidance as your blueprint

    How to use OWASP guidance as your API security testing blueprint.
