Let's explore the latest book by Packt Publishing on "Pentesting APIs" and see if it's worth putting on an API hacker's bookshelf. The post Is the latest book on “Pentesting APIs” any good? appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to cross-reference Known Exploited Vulnerabilities (KEV) against CWE to find the best attack vectors to use during security testing. The post KEV + CWE = Attack Vector ❤️🔥 appeared first on Dana Epp's Blog.
Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack. The post From Exploit to Extraction: Data Exfil in Blind RCE Attacks appeared first on Dana Epp's Blog.
Learn five tips that will help improve the API exploits you submit into security triage as part of your vulnerability research. The post 5 tips to improve your API exploits appeared first on Dana Epp's Blog.
Learn how to use MITRE's Common Weakness Enumerations (CWE) entries to level up your vulnerability reports. The post Level Up Your Vulnerability Reports With CWEs appeared first on Dana Epp's Blog.
Learn why HTTPie is a great replacement for curl and how to use it when conducting your own API security testing.
Learn why Human Application Security Testing (HAST) is important to API hackers.
Learn how to write Burp Suite extensions using the new Montoya API with Kotlin and Visual Studio Code (VS Code).
Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.