😈 The API Hacker Inner Circle

The API Hacker's Month in Review - April 2023 🗓️ 👀

Published about 1 year ago • 2 min read

Hey friend 👋,

Last weekend was the annual BSides Vancouver conference. It was fantastic to see the security community getting together again in person. I had a great time chatting with Mikko after his keynote. We've been in the industry for about the same amount of time and have chewed a lot of the same ground over the years.

With the weather looking so great, I couldn't stay cooped up at the conference. I grabbed Mikko's book and enjoyed an iced chai outside. Highly recommend you pick up his new book "If it's smart, it's vulnerable" if you haven't yet. Worth the read.

Speaking of reading... it's time for another month in review!

Articles in April

April was an interesting month. I covered some unusual topics based on conversations and feedback I have had with many of you.

Latest Article

I've seen a disturbing trend lately in the community. There are far too many new security researchers out there who think they are OWED SOMETHING if they find a vulnerability in software, even if the vendor didn't ask them to look for it.

And they are getting themselves in trouble when reporting it. Some even got arrested.

Anyways, I want our community to be able to safely report security vulnerabilities to vendors and make money doing so the right way (if that's your motivation). So this week, I have written "The Security Researcher's Guide to Reporting Vulnerabilities to Vendors."

I hope you like it.

Community News

AppSec Days

For those in the Pacific Northwest, the OWASP AppSec Days Pacific Northwest conference is just over a month away. The schedule is now published on the website. Come enjoy the weekend in Portland, Oregon, and uplevel your appsec skills.

Every attendee also gets a copy of Adam Shostack's new book, "Threats: What Every Engineer Should Learn from Star Wars."

Make sure you register soon, as tickets are going fast!

Come hack in the CMD+CTRL Cyber Range

OWASP Vancouver is hosting Security Innovation's CMD+CTRL Cyber Range this month at the Microsoft office downtown. Tap into your inner evildoer and test your skills in hunting down web application vulnerabilities, all within an authentic environment where you can exploit your way through hundreds of vulnerabilities that lurk in business applications today.

You can register for the in-person event here.

Hope to see you there.

Hack hard!

You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).

🧠 I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading. 🙏

⏩ Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!

👋 Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.
