Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to use chaos engineering to break an API on purpose to find new types of vulnerabilities that you don’t normally find in testing.
Learn how to use adversarial thinking with OWASP and MITRE to better approach security testing of your web apps and APIs.
Learn how to create mind maps that can help you improve your API hacking methodology during security testing and pentest engagements.
Learn why API hacking should be a critical component of your web app security testing process.
Embrace failure. Explore how mistakes and setbacks can fuel innovation, refine skills, and deepen understanding in the world of API hacking.
A good report title is so clear and concise that anyone reading it understands the issue immediately. Learn how to write vulnerability report titles that don’t suck!
Learn how you can make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.
Learn how to assess the real costs for application security assessments that include proper penetration testing.
Learn how to look more offensively at API security testing and apply the concept of common attack pattern enumeration to your checklists.
Learn how, as a hacker, to beat down the demon of self-doubt and embrace imposter syndrome as a healthy signal for motivation and drive.