Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.
Explore five ways that you can improve your GraphQL hacking skills, and learn how to practice your newly found skills in a safe way.
Learn how to leverage the Exploit Prediction Scoring System (EPSS) to identify the vulnerabilities in your APIs that are most exploitable.
Check out this curated list of FREE resources you can use to master Burp Suite for web app and API security testing.
How to use Common Attack Patterns to improve your API security testing methodology.
Learn how to leverage CeWL to generate custom word lists from release notes, changelogs, and product roadmaps for use in API discovery.
Gain the necessary knowledge and skills you need to find your first security vulnerability in the APIs you are testing.
Learn how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
Learn why it’s important to include a working exploit in your vulnerability report and how to protect it so others don’t weaponize it.
Learn how to look at your API testing through a security lens to get the best code coverage and approach it with offensive security in mind.