Looks like I'm a finalist for "API Security Person of the Year". Like my articles and research? I'd appreciate your vote.
Website | https://danaepp.com
Twitter | https://twitter.com/danaepp
LinkedIn | https://www.linkedin.com/in/danaepp/
Let me show you how to stay professionally detached from the vulnerabilities you discover and disclose as part of your security research.
https://danaepp.com/staying-professionally-detached-from-your-security-research
Learn why shadow APIs sometimes provide a defenseless path for threat actors, and learn what YOU can do about it.
https://danaepp.com/why-shadow-apis-provide-a-defenseless-path-for-threat-actors
Let's explore the latest book by Packt Publishing on "Pentesting APIs" and see if it's worth putting on an API hacker's bookshelf.
https://danaepp.com/is-the-latest-book-on-pentesting-apis-any-good
Check out how to use upstream residential and mobile proxies in Burp Suite to evade IP blocking during your API security testing.
https://danaepp.com/evade-ip-blocking-by-using-residential-proxies
Let me show you how to cross-reference Known Exploited Vulnerabilities (KEV) against CWE to find the best attack vectors to use during security testing.
Learn how to write exploits that take advantage of blind command injection vulnerabilities using a time-delayed boolean oracle attack.
https://danaepp.com/from-exploit-to-extraction-data-exfil-in-blind-rce-attacks
Let me show you how to use JSON injection to manipulate API payloads to control the flow of data and business logic within an API.
Check out these five tips to help improve the API exploits you submit into security triage as part of your vulnerability research.
Learn how to improve your API discovery with a custom Burp Suite extension dedicated to automatically finding API document artifacts for you.
https://danaepp.com/hacking-api-discovery-with-a-custom-burp-extension