SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • September 5, 2023

    API Security Testing using AI in Postman

    Learn how to use the generative AI models built into Postman to quickly build tests to check for vulnerabilities in the APIs you are testing.

  • August 29, 2023

    API Attack Surface Detection using Noir

    Learn how to use Noir for attack surface detection on the APIs you are currently conducting security testing on.

  • August 22, 2023

    Mastering API Exploitation: Crafting Reverse Shells via cURL

    Learn how to leverage a command injection vulnerability found in an API to gain a reverse shell to a server with nothing more than cURL.

  • August 15, 2023

    Why API hackers should embrace failure

    Embrace failure. Explore how mistakes and setbacks can fuel innovation, refine skills, and deepen understanding in the world of API hacking.

  • August 8, 2023

    My secret to API privesc: Tapping compromised web servers

    Learn how to set up your own wiretaps on compromised web servers to remotely collect sensitive data for use in API privesc.

  • August 1, 2023

    Why Your Vulnerability Report Titles Suck, and What to Do About It

    A good report title is so clear and concise that anyone reading it understands the issue immediately. Learn how to write vulnerability report titles that don’t suck!

  • July 25, 2023

    Here’s how I get the most out of Burp Suite reporting

    Learn how to get the most out of the reporting capabilities built into PortSwigger’s Burp Suite Professional.

  • July 18, 2023

    The Ultimate Guide to Learning Burp Suite for FREE

    Check out this curated list of FREE resources you can use to master Burp Suite for web app and API security testing.

  • July 11, 2023

    Improve your API Security Testing with Burp BCheck Scripts

    Learn how to write your own Burp BCheck scripts to tap into the web vulnerability scanner to automate your API security testing.

  • July 4, 2023

    How to exploit an API using prototype pollution

    Learn how to use server-side prototype pollution (SSPP) to abuse an API written in NodeJS for privilege escalation and remote code execution.
