Dana Epp
Dana Epp's Blog

Hacking Modern Android Mobile Apps & APIs with Burp Suite

Hacking Modern Android Mobile Apps & APIs with Burp Suite

| | API Hacking Techniques, API Hacking Tools
Learn how to set up your hacking environment to attack mobile apps & APIs running on modern versions of Android with Burp Suite. The post Hacking Modern Android Mobile Apps & APIs with Burp Suite appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Why the X-Bug-Bounty Header Matters for Hackers

Why the X-Bug-Bounty Header Matters for Hackers

| | API Hacking Techniques
Learn why the X-Bug-Bounty custom HTTP header can be helpful during your bug bounty engagements with a target. The post Why the X-Bug-Bounty Header Matters for Hackers appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Detecting new API endpoints with oasdiff

Detecting new API endpoints with oasdiff

| | API Hacking Techniques, API Hacking Tools
Gain a competitive edge over other security researchers by detecting changes to APIs before others even know about them by using oasdiff. The post Detecting new API endpoints with oasdiff appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Why API Security Testing Matters – Learning from Tracfone

Why API Security Testing Matters – Learning from Tracfone

| | API Security Fails
Let's look at Tracfone's $16 million settlement with the FCC to understand why API security testing matters. The post Why API Security Testing Matters – Learning from Tracfone appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Mapping Attack Patterns to your Threat Model

Mapping Attack Patterns to your Threat Model

| | API Hacking Techniques
Learn how to map MITRE CAPEC attack patterns to STRIDE threat model categories and improve your approach to security testing. The post Mapping Attack Patterns to your Threat Model appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Covert Data Exfiltration via JSON in an API

Covert Data Exfiltration via JSON in an API

| | API Hacking Techniques
Learn how to conduct covert data exfiltration within JSON payloads of an API response. The post Covert Data Exfiltration via JSON in an API appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Fuzzing JSON to find API security flaws

Fuzzing JSON to find API security flaws

| | API Hacking Fundamentals, API Hacking Tools
Learn how to fuzz JSON to find security vulnerabilities in the APIs you are hacking with the help of a custom wordlist and Param Miner. The post Fuzzing JSON to find API security flaws appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Finding hidden API parameters

Finding hidden API parameters

| | API Hacking Techniques, API Hacking Tools
Learn how to use Param Miner to find hidden parameters that may help manipulate an API in unintended ways, revealing potential security flaws. The post Finding hidden API parameters appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Weaponizing API discovery metadata

Weaponizing API discovery metadata

| | API Hacking Mindset, API Hacking Techniques, API Hacking Tools
Learn how to weaponize API discovery metadata to improve your recon of the APIs you are hacking or conducting security testing on. The post Weaponizing API discovery metadata appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog
Hacking APIs with HTTPie

Hacking APIs with HTTPie

| | API Hacking Fundamentals, API Hacking Tools
Learn why HTTPie is a great replacement for curl and how to use it when conducting your own API security testing. The post Hacking APIs with HTTPie appeared first on Dana Epp's Blog ... Read More
Dana Epp's Blog