SilverStr

Dana Epp's Blog

Security (de)engineering for fun and profit

  • April 18, 2023

    How to use GPG as a security researcher

    Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.

  • April 11, 2023

    Exploiting Server Side Request Forgery (SSRF) in an API

    Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.

  • April 4, 2023

    “Pay peanuts, Get monkeys”: The API Penetration Testing Pricing Dilemma

    Learn how to assess the real costs for application security assessments that include proper penetration testing.

  • March 28, 2023

    How Adversaries Attack APIs Through Dependencies

    We must become curators of API dependencies, NOT consumers!!

  • March 21, 2023

    Why writing API exploits is important when reporting vulnerabilities

    Learn why it’s important to include a working exploit in your vulnerability report and how to protect it so others don’t weaponize it.

  • March 14, 2023

    Is Offensive AI Going to be a Problem for API Hackers?

    Learn the ins and outs of offensive AI and how API hackers can benefit from it.

  • March 7, 2023

    OWASP API Security Top 10: Upcoming Changes You Need To Know About

    Check out these changes coming to the OWASP API Security Top 10 list!

  • February 28, 2023

    An API Security Testing Checklist… with a twist

    Learn how to look more offensively at API security testing and apply the concept of common attack pattern enumeration to your checklists.

  • February 21, 2023

    Analyzing Your Existing API Testing Through a Security Lens

    Learn how to look at your API testing through a security lens to get the best code coverage and approach it with offensive security in mind.

  • February 14, 2023

    Exploiting embedded APIs by dumping firmware

    Hack the hardware to find the firmware and swipe the source code of APIs under security testing.
