Source: securityboulevard.com – Author: Dana Epp What if I told you that many APIs leverage custom HTTP headers to drive business logic and behavior? Would you...
From Tsunami to Twitter: How Rigorous API Testing Can Prevent Critical System Outages During Disasters – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp If there is anything we can learn from the latest earthquake in Japan, it’s how important communications and alerts are...
The No-Nonsense Guide to Bypassing API Auth Using NoSQL Injection – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp Introduction Sometimes, the way to bypass API auth is easier than you think. That’s all thanks to modern software development...
Beyond the Crystal Ball: What API security may look like in 2024 – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp API security isn’t a dark art. But no soothsayer out there can predict what the threat landscape may look like...
Exploiting an API with Structured Format Injection – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp Never trust user input. It’s been the mantra for years in popular secure coding books. Yet, even today, we continue...
The Ultimate Guide to Learning Burp Suite for FREE – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp Introduction When it comes to the tools of the trade for web app and API security testing, Burp Suite should...
Improve your API Security Testing with Burp BCheck Scripts – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp Introduction I’m a big fan of Burp Suite. In my Beginner’s Guide to API Hacking, I even go so far...
A “cewl” way for API discovery – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp Imagine this. You’ve been working on a target for some time now, investing to map out all the API endpoints...
Attacking APIs by tainting data in weird places – Source: securityboulevard.com
Source: securityboulevard.com – Author: Dana Epp Introduction Never trust user input. Every developer in the world who has attended even the most basic appsec training has...