Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!
Hey friend 👋,
Last weekend was the annual BSides Vancouver conference. It was fantastic to see the security community getting together again in person. I had a great time chatting with Mikko after his keynote. We've been in the industry for about the same amount of time and have chewed a lot of the same ground over the years.
With the weather looking so great, I couldn't stay cooped up at the conference. I grabbed Mikko's book and enjoyed an iced chai outside. Highly recommend you pick up his new book "If it's smart, it's vulnerable" if you haven't yet. Worth the read.
Speaking of reading... it's time for another month in review!
April was an interesting month. I covered some unusual topics based on conversations and feedback I have had with many of you.
I've seen a disturbing trend lately in the community. There are far too many new security researchers out there who think they are OWED SOMETHING if they find a vulnerability in software, even if the vendor didn't ask them to look for it.
And they are getting themselves in trouble when reporting it. Some even got arrested.
Anyways, I want our community to be able to safely report security vulnerabilities to vendors and make money doing so the right way (if that's your motivation). So this week, I have written "The Security Researcher's Guide to Reporting Vulnerabilities to Vendors."
I hope you like it.
READ THE GUIDE
For those in the Pacific Northwest, the OWASP AppSec Days Pacific Northwest conference is just over a month away. The schedule is now published on the website. Come enjoy the weekend in Portland, Oregon, and uplevel your appsec skills.
Every attendee also gets a copy of Adam Shostack's new book, "Threats: What Every Engineer Should Learn from Star Wars."
Make sure you register soon, as tickets are going fast!
OWASP Vancouver is hosting Security Innovation's CMD+CTRL Cyber Range this month at the Microsoft office downtown. Tap into your inner evildoer and test your skills in hunting down web application vulnerabilities, all within an authentic environment where you can exploit your way through hundreds of vulnerabilities that lurk in business applications today.
You can register for the in-person event here.
Hope to see you there.
Hack hard!
Dana
You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).
🧠 I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading. 🙏
⏩ Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!
👋 Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.