SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • June 27, 2023

    3 ways to use Common Attack Patterns to abuse an API

    How to use Common Attack Patterns to improve your API security testing methodology.

  • June 20, 2023

    A “cewl” way for API discovery

    Learn how to leverage CeWL to generate custom word lists from release notes, changelogs, and product roadmaps for use in API discovery.

  • June 13, 2023

    Grepping through API payloads with Gron

    Level up your API security testing skills by learning how to use Gron to grep through the JSON payloads of the API endpoints you are hacking.

  • June 6, 2023

    Avoiding the Apocalypse: A Guide to Finding Zombie APIs

    Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.

  • May 30, 2023

    The Lucrative Economics of API Hacking

    Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.

  • May 23, 2023

    Cross-Tenant Data Leaks (CTDL): Why API Hackers Should Be On The LookOut

    Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.

  • May 16, 2023

    How to get started as an API hacker

    Gain the necessary knowledge and skills you need to find your first security vulnerability in the APIs you are testing.

  • May 9, 2023

    Attacking APIs by tainting data in weird places

    Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.

  • May 2, 2023

    The Security Researcher’s Guide to Reporting Vulnerabilities to Vendors

    Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.

  • April 25, 2023

    Finding API secrets in hidden layers within Docker containers

    Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
