😈 The API Hacker Inner Circle

🗓️ The API Hacker's Month in Review - June 2023 👀

Published 11 months ago • 1 min read

June was a lot of fun. We held the OWASP AppSec Days Pacific Northwest conference in Portland, Oregon... and sold out the show. Met a lot of appsec peeps in the community, including several from the API Hacker Inner Circle.

Great to see those of you who came by! 👍🏼

Afterward, my wife and I took some time off to drive down the Oregon coast and just explore. What an amazing coastline.

Having the time to explore also gave me some time to catch up on reading too.

I've been reading The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David Sanger. It tells the tale about the consequences of cyber warfare, especially against geo-political systems. It delves into the dark true past where superpowers are playing by different rules.

The sad reality is this isn't fiction. David shares real stories that show how this impacts us all.

Worth reading if you are into that kinda thing.

Articles in June

So here are the highlights of the articles I wrote in June:

Community News

So thanks to everyone who participated in APIDay's Interface conference. There were some great talks, and I was happy to contribute to my session on reverse engineering undocumented APIs. I'm told all the presentations will eventually be published on YouTube. Once I get a link, I will share my session recording, as well as some of the more interesting API security related talks.

In other news, here's a troubling stat by our friends over at HelpNet Security. In 2022, 47.4% of all internet traffic came from bots. More interesting is the fact that 17% of all attacks on APIs came from bots.

Are Bad bots coming for APIs? Check out the article and then hit "reply" and let me know your thoughts.

Like mindmaps? Then you really should check out CyberGuy's GitHub repo of API pentesting mindmaps.

And to close out this month's review, I stumbled upon an interesting experiment called HackerIO you might want to check out. It is an exploration to create a game where the interface is an HTTP API. Brush up on yer hacking skills and see how you do. 😈

Hack hard!

Already a subscriber?

😈 The API Hacker Inner Circle

by Dana Epp 👋

Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!

Read more from 😈 The API Hacker Inner Circle

Hey friend 👋, April has been a bit intense. Ya, it started with jokers putting toothpaste in our Oreos. 🤢 It ended with some well-deserved R&R on the beaches of the West Coast of Vancouver Island. I can't complain too much; I mean, I was also introduced to Churro Oreos... I can't believe these are a thing... ... and it ended with long walks along the beach... Walking along Cox Bay for a week isn't a bad way to decompress... While I was away, I got to finish reading Pegasus: How a Spy in Your...

29 days ago • 5 min read

Hey friend 👋, It's April already!! I hate April 1st. You can't trust anything you read on the Internet, and the pranks ruin good food... If I wanted something minty I'd get peppermint cookies... leave my Oreos alone!!! 🤢 Speaking of something that leaves a bitter taste in my mouth (ya, weird transition there... but stick with me), I've been reading an interesting book lately you need to know about. It's called Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New...

about 2 months ago • 4 min read

Hey friend 👋, How is it that in a leap year, February has gone by so fast? One minute it's Valentine's Day, and the next thing you know Leap Day jumps right past us. OK, a day late. But anything relating to quantum can fix that, right? The extra day in February did let me keep up with my reading. I've been reading The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics. The book explores the profound impact of cyber warfare on global politics, detailing how state-sponsored...

3 months ago • 4 min read
Share this post