Dana Epp's Blog
Security (de)engineering for fun and profit
Gain the knowledge and skills you need to find your first security vulnerability in the APIs you are testing.
Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
Learn why it’s important to include a working exploit in your vulnerability report and how to protect it so others don’t weaponize it.
Learn how to look at your API testing through a security lens to get the best code coverage and approach it with offensive security in mind.
Check out these three training resources that can help you with your API hacking tradecraft.
Learn how to use out-of-band application security testing (OAST) to find more complex vulnerabilities in the APIs you test.
Learn three reasons why QA people should get into API hacking to help secure their company’s apps.
Learn how to find exploitable vulnerabilities in your APIs using taint analysis.
Learn the rules of engagement when pentesting APIs.
Learn how to crack API auth tokens using Azure cloud computing.