Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to look for those old forgotten zombie APIs that can be a goldmine of vulnerabilities and security loopholes.
Learn how to find vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.
Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.
Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
Check out this article to learn how to find and exploit server-side request forgery (SSRF) vulnerabilities in an API.
We must become curators of API dependencies, NOT consumers!!
Hack the hardware to find the firmware and swipe the source code of APIs under security testing.
Hacking APIs on IoT devices using a Flipper Zero
Check out these 5 simple questions that will help make your API penetration testing engagement more successful.
Let me tell you a story about the time I hacked into a .NET API through a bit of luck and reverse engineering.