Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to find and extract sensitive secrets and source code to APIs hidden within the layers of Docker container images.
Discover how to use GNU Privacy Guard (GPG) to communicate with security triage teams as a security researcher.
Check out these changes coming to the OWASP API Security Top 10 list!
Write your own extensions in Python to pwn your API targets with Burp Suite.
Learn how to extract API artifacts from a Docker image and decompile them to source code to find vulnerabilities using taint analysis.
Check out the coolest extensions to help out when hacking APIs in Burp.
Learn how to use Postman to attack the Microsoft Graph API.
Learn how to use Postman to attack APIs with payload injection.
Learn how to reverse engineer an undocumented API using your own rogue docs.
Learn how to use cURL in your exploits and demonstrate impact to the API vulnerabilities you find.