API Hacking Fundamentals

Is the latest book on “Pentesting APIs” any good?
Let's explore the latest book by Packt Publishing on "Pentesting APIs" and see if it's worth putting on an API hacker's bookshelf. The post Is the latest book on “Pentesting APIs” any ...

KEV + CWE = Attack Vector ❤️🔥
Learn how to cross-reference Known Exploited Vulnerabilities (KEV) against CWE to find the best attack vectors to use during security testing.

From Exploit to Extraction: Data Exfil in Blind RCE Attacks
Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack.

5 tips to improve your API exploits
Learn five tips that will help improve the API exploits you submit into security triage as part of your vulnerability research.

Level Up Your Vulnerability Reports With CWEs
Learn how to use MITRE's Common Weakness Enumerations (CWE) entries to level up your vulnerability reports. The post Level Up Your Vulnerability Reports With CWEs appeared first on Dana Epp's Blog ...

Fuzzing JSON to find API security flaws
Learn how to fuzz JSON to find security vulnerabilities in the APIs you are hacking with the help of a custom wordlist and Param Miner.

Hacking APIs with HTTPie
Learn why HTTPie is a great replacement for curl and how to use it when conducting your own API security testing.

Why HAST is important to API hackers
Learn why Human Application Security Testing (HAST) is important to API hackers.

Writing Burp extensions in Kotlin
Learn how to write Burp Suite extensions using the new Montoya API with Kotlin and Visual Studio Code (VS Code).

5 Tips for API Hackers on Picking Your First Target
Check out these five tips to help you pick your first target when starting bug bounty hunting against APIs.