Dana Epp's Blog
Security (de)engineering for fun and profit
Learn how to write your own Bambda filters in Burp Suite to do complex filtering of your proxy HTTP history.
Learn how to uncover elusive dev, test, and production instances of an API hidden behind virtual hosting through VHOST discovery.
Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.
Learn how to use the AI in Eyeballer from BishopFox to help identify interesting targets during recon of your web apps & APIs.
Learn how to create mind maps that can help you improve your API hacking methodology during security testing and pentest engagements.
Explore using the no-code programming environment in Postman Flows to visually design and run API exploits as part of your security research.
Learn how to use the generative AI models built into Postman to quickly build tests to check for vulnerabilities in the APIs you are testing.
Learn how to use Noir for attack surface detection on the APIs you are currently security testing.
Learn how to leverage a command injection vulnerability found in an API to gain a reverse shell to a server with nothing more than cURL.
Learn how to get the most out of the reporting capabilities built into PortSwigger’s Burp Suite Professional.