Improving port scans against API servers

Learn how to improve the performance of your port scans against API servers with the use of Project Discovery's Naabu scanner. The post Improving port scans against API servers appeared first on Dana Epp's Blog.
Discovering API secrets & endpoints using APKLeaks

Learn how to improve your recon process with the use of apkleaks to find hidden API servers, secrets, and endpoints embedded in mobile apps.
5 more Burp extensions for API hacking

Check out these five Burp Suite extensions that can help your API hacking. From bypassing WAFs to generating wordlists, it can all help.
Is Nuclei any good for API hacking?

Let me show you how Nuclei can be used for more than vulnerability scanning. Learn how to leverage it as a tool for your API hacking.
5 mistakes beginners make during app recon

Learn about the five mistakes beginners make during their app recon that limit their ability to find vulns during their API security testing.
Writing API exploits in Python

Learn how to leverage curlconverter to write API exploits in Python using payloads you generated in Burp Suite.
Endpoints vs Routes: What every API hacker needs to know

API Hacking Fundamentals
Learn the difference between API endpoints and routes and how to think about it as an API hacker during your security testing.
Detecting API endpoints and source code with JS Miner

Learn how to detect API endpoints and extract source code from web app frontends using JS Miner, a FREE Burp Suite Professional extension.
Detecting Uncommon Headers in an API using Burp Bambda Filters

Learn how to write Bambda filters in Burp Suite that can automatically detect uncommon headers in the APIs you are testing.
From Tsunami to Twitter: How Rigorous API Testing Can Prevent Critical System Outages During Disasters

API Security Fails
Restricting emergency alerts during a disaster due to rate limiting is in itself a disaster. Learn how to look for this during your API testing.