🗓️ The API Hacker's Month in Review - June 2023 👀


June was a lot of fun. We held the OWASP AppSec Days Pacific Northwest conference in Portland, Oregon... and sold out the show. Met a lot of appsec peeps in the community, including several from the API Hacker Inner Circle.

Great to see those of you who came by! 👍🏼

Afterward, my wife and I took some time off to drive down the Oregon coast and just explore. What an amazing coastline.

Having the time to explore also gave me some time to catch up on reading too.

I've been reading The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David Sanger. It tells the tale of the consequences of cyber warfare, especially against geopolitical systems. It delves into a dark and true past where superpowers are playing by different rules.

The sad reality is this isn't fiction. David shares real stories that show how this impacts us all.

Worth reading if you are into that kinda thing.


Articles in June

So here are the highlights of the articles I wrote in June:


Community News

So thanks to everyone who participated in APIDay's Interface conference. There were some great talks, and I was happy to contribute my session on reverse engineering undocumented APIs. I'm told all the presentations will eventually be published on YouTube. Once I get a link, I will share my session recording, as well as some of the more interesting API security-related talks.

In other news, here's a troubling stat from our friends over at HelpNet Security. In 2022, 47.4% of all internet traffic came from bots. More interesting is the fact that 17% of all attacks on APIs came from bots.

Are bad bots coming for APIs? Check out the article and then hit "reply" and let me know your thoughts.

Like mindmaps? Then you really should check out CyberGuy's GitHub repo of API pentesting mindmaps.

And to close out this month's review, I stumbled upon an interesting experiment called HackerIO you might want to check out. It is an exploration to create a game where the interface is an HTTP API. Brush up on yer hacking skills and see how you do. 😈

Hack hard!
Dana

😈 The API Hacker Inner Circle

Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!
