SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • November 14, 2023

    Bypassing API rate limiting using IP rotation in Burp Suite

    Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.

  • November 7, 2023

    5 ways to improve your GraphQL hacking skills

    Explore five ways that you can improve your GraphQL hacking skills, and learn how to practice your newly found skills in a safe way.

  • October 31, 2023

    API Recon Tip: Using AI to “Eyeball” your targets

    Learn how to use the AI in Eyeballer from BishopFox to help identify interesting targets during recon of your web apps & APIs.

  • October 24, 2023

    Adversarial Thinking for Bug Hunters

    Learn how to use adversarial thinking with OWASP and MITRE to better approach security testing of your web apps and APIs.

  • October 17, 2023

    Proving API exploitability with Burp Collaborator

    Learn how to prove API exploitability through the use of the Burp Collaborator for out-of-band application security testing (OAST).

  • October 10, 2023

    What API hackers need to know about the Exploit Prediction Scoring System

    Learn how to leverage the Exploit Prediction Scoring System (EPSS) to identify the vulnerabilities in your APIs that are most exploitable.

  • October 3, 2023

    The Art of Using Mind Maps to Improve Your API Hacking

    Learn how to create mind maps that can help you improve your API hacking methodology during security testing and pentest engagements.

  • September 26, 2023

    Finding Hidden API Endpoints Using Path Prediction

    Learn how to use contextual discovery and path prediction to find hidden API endpoints during your security testing.

  • September 19, 2023

    Writing API exploits using Postman Flows

    Explore using the no-code programming environment in Postman Flows to visually design and run API exploits as part of your security research.

  • September 12, 2023

    Why API Hacking is Critical to Web App Security Testing

    Learn why API hacking should be an important and critical component of your web app security testing process.
