How to craft rogue API docs for a target when they don't exist - Dana Epp's Blog
Learn how to reverse engineer an undocumented API using your own rogue docs.| Dana Epp's Blog
Hi, I’m Dana Epp. I write this blog, build and break software for a living, and am a Microsoft Developer Security MVP. LATEST ARTICLES NEW TO API HACKING? START HERE .| Dana Epp's Blog
Learn how to stay professionally detached from the vulnerabilities you discover and disclose as part of your security research. The post Why you should stay “professionally detached” from the vulns you find appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn why shadow APIs sometimes provide a defenseless path for threat actors, and learn what YOU can do about it. The post Why Shadow APIs provide a defenseless path for threat actors appeared first on Dana Epp's Blog.| Dana Epp's Blog
Let's explore the latest book by Packt Publishing on "Pentesting APIs" and see if it's worth putting on an API hacker's bookshelf. The post Is the latest book on “Pentesting APIs” any good? appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing. The post Evade IP blocking by using residential proxies appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to cross-reference Known Exploit Vulnerabilities (KEV) against CWE to find the best attack vectors to use during security testing. The post KEV + CWE = Attack Vector ❤️🔥 appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack. The post From Exploit to Extraction: Data Exfil in Blind RCE Attacks appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API. The post Attacking APIs using JSON Injection appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn five tips that will help improve the API exploits you submit into security triage as part of your vulnerability research. The post 5 tips to improve your API exploits appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to improve your API discovery with a custom Burp Suite extension dedicated to automatically finding API document artifacts for you. The post Hacking API discovery with a custom Burp extension appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to use MITRE's Common Weakness Enumerations (CWE) entries to level up your vulnerability reports. The post Level Up Your Vulnerability Reports With CWEs appeared first on Dana Epp's Blog.| Dana Epp's Blog
Learn how to reverse engineer an undocumented API using your own rogue docs.| Dana Epp's Blog
Learn how to conduct covert data exfiltration within JSON payloads of an API response.| Dana Epp's Blog
Discover ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.| Dana Epp's Blog
Learn how to use Param Miner to find hidden parameters that may help manipulate an API in unintended ways, revealing potential security flaws| Dana Epp's Blog
Learn why HTTPie is a great replacement for curl and how to use it when conducting your own API security testing.| Dana Epp's Blog
Learn how to improve your application security code reviews with the help of tools like graudit.| Dana Epp's Blog
Learn why Human Application Security Testing (HAST) is important to API hackers.| Dana Epp's Blog
Learn how to write Burp Suite extensions using the new Montoya API with Kotlin and Visual Studio Code (VS Code).| Dana Epp's Blog
Learn how to use artificial intelligence (AI) to discover sensitive data in the APIs you are hacking with the help of Microsoft Presidio.| Dana Epp's Blog
Nuclei can be used for more than vulnerability scanning. Learn how to leverage it as a tool for your API hacking.| Dana Epp's Blog
Restricting emergency alerts during a disaster due to rate limiting is in itself a disaster. Learn how to look for this during API testing.| Dana Epp's Blog
Learn how to bypass API rate limiting security controls using IP rotation in Burp Suite via Amazon API Gateway.| Dana Epp's Blog
Learn how to use the AI in Eyeballer from BishopFox to help identify interesting targets during recon of your web apps & APIs.| Dana Epp's Blog
