Dana Epp
Dana Epp's Blog

Why you should stay “professionally detached” from the vulns you find

Why you should stay “professionally detached” from the vulns you find

| | API Hacking Mindset
Learn how to stay professionally detached from the vulnerabilities you discover and disclose as part of your security research. The post Why you should stay “professionally detached” from the vulns you find appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Why Shadow APIs provide a defenseless path for threat actors

Why Shadow APIs provide a defenseless path for threat actors

| | API Hacking Mindset
Learn why shadow APIs sometimes provide a defenseless path for threat actors, and learn what YOU can do about it. The post Why Shadow APIs provide a defenseless path for threat actors appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Is the latest book on “Pentesting APIs” any good?

Is the latest book on “Pentesting APIs” any good?

| | API Hacking Fundamentals
Let's explore the latest book by Packt Publishing on "Pentesting APIs" and see if it's worth putting on an API hacker's bookshelf. The post Is the latest book on “Pentesting APIs” any good? appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Evade IP blocking by using residential proxies

Evade IP blocking by using residential proxies

| | API Hacking Techniques, API Hacking Tools
Learn how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing. The post Evade IP blocking by using residential proxies appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
KEV + CWE = Attack Vector ❤️‍🔥

KEV + CWE = Attack Vector ❤️‍🔥

| | API Hacking Fundamentals
Learn how to cross-reference Known Exploit Vulnerabilities (KEV) against CWE to find the best attack vectors to use during security testing. The post KEV + CWE = Attack Vector ❤️‍🔥 appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
This Bug Got Me A $30,000 Bounty

From Exploit to Extraction: Data Exfil in Blind RCE Attacks

| | API Hacking Fundamentals, API Hacking Techniques
Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack. The post From Exploit to Extraction: Data Exfil in Blind RCE Attacks appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Attacking APIs using JSON Injection

Attacking APIs using JSON Injection

| | API Hacking Techniques
Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API. The post Attacking APIs using JSON Injection appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
5 tips to improve your API exploits

5 tips to improve your API exploits

| | API Hacking Fundamentals
Learn five tips that will help improve the API exploits you submit into security triage as part of your vulnerability research. The post 5 tips to improve your API exploits appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Hacking API discovery with a custom Burp extension

Hacking API discovery with a custom Burp extension

| | API Hacking Tools
Learn how to improve your API discovery with a custom Burp Suite extension dedicated to automatically finding API document artifacts for you. The post Hacking API discovery with a custom Burp extension appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Level Up Your Vulnerability Reports With CWEs

Level Up Your Vulnerability Reports With CWEs

| | API Hacking Fundamentals
Learn how to use MITRE's Common Weakness Enumerations (CWE) entries to level up your vulnerability reports. The post Level Up Your Vulnerability Reports With CWEs appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog