So what makes APIs special and different? #apisecurity #apihacking #apis #pentesting

1) Interconnectedness: even if you're sure you don't have APIs, I bet your suppliers do.
2) Large attack surfaces that are poorly documented: they balloon into hundreds of endpoints quickly.

The biggest mistake I see in API security will probably surprise you... Whether in offensive security or defending APIs, most teams make one fundamental mistake that leaves their APIs vulnerable: they forget that APIs are web applications.
#apisecurity #apihacking #apis

Let's explore the latest book by Packt Publishing on "Pentesting APIs" and see if it's worth putting on an API hacker's bookshelf.

#apihacking #apisecurity

https://danaepp.com/is-the-latest-book-on-pentesting-apis-any-good

Is the latest book on "Pentesting APIs" any good?

Dana Epp's Blog

Check out how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing.

#apihacking #apisecurity

https://danaepp.com/evade-ip-blocking-by-using-residential-proxies

Evade IP blocking by using residential proxies

Learn how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing.

Dana Epp's Blog

Let me show you how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API.

#apihacking #apisecurity

https://danaepp.com/attacking-apis-using-json-injection

Attacking APIs using JSON Injection

Learn how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API.

Dana Epp's Blog

Let me show you how to gain a competitive edge over other security researchers by detecting changes to APIs before others even know about them by using oasdiff.

#apihacking #apisecurity

https://danaepp.com/detecting-new-api-endpoints-with-oasdiff

Detecting new API endpoints with oasdiff

Gain a competitive edge over other security researchers by detecting changes to APIs before others even know about them by using oasdiff.

Dana Epp's Blog

Let's look at Tracfone's $16 million settlement with the FCC to understand why API security testing matters.

#apisecurity #apihacking

https://danaepp.com/why-api-security-testing-matters-learning-from-tracfone

Why API Security Testing Matters - Learning from Tracfone

Dana Epp's Blog

Let me show you how to conduct covert data exfiltration within JSON payloads of an API response.

#apihacking #apisecurity

https://danaepp.com/covert-data-exfiltration-via-json-in-an-api

Covert Data Exfiltration via JSON in an API

Learn how to conduct covert data exfiltration within JSON payloads of an API response.

Dana Epp's Blog

Let me show you how to fuzz JSON to find security vulnerabilities in the APIs you are hacking with the help of a custom wordlist and Param Miner.

#apihacking #apisecurity

https://danaepp.com/fuzzing-json-to-find-api-security-flaws

Fuzzing JSON to find API security flaws

Learn how to fuzz JSON to find security vulnerabilities in the APIs you are hacking with the help of a custom wordlist and Param Miner.

Dana Epp's Blog