🗓️ The API Hacker's Month in Review - June 2023 👀

published 5 months ago

June was a lot of fun. We held the OWASP AppSec Days Pacific Northwest conference in Portland, Oregon... and sold out the show. Met a lot of appsec peeps in the community, including several from the API Hacker Inner Circle.

Great to see those of you who came by! 👍🏼

Afterward, my wife and I took some time off to drive down the Oregon coast and just explore. What an amazing coastline.

Having the time to explore also gave me some time to catch up on reading.

I've been reading The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age by David Sanger. It tells the tale of the consequences of cyber warfare, especially against geopolitical systems. It delves into the dark true past where superpowers are playing by different rules.

The sad reality is this isn't fiction. David shares real stories that show how this impacts us all.

Worth reading if you are into that kinda thing.

Articles in June

So here are the highlights of the articles I wrote in June:

Community News

So thanks to everyone who participated in APIDay's Interface conference. There were some great talks, and I was happy to contribute to my session on reverse engineering undocumented APIs. I'm told all the presentations will eventually be published on YouTube. Once I get a link, I will share my session recording, as well as some of the more interesting API security related talks.

In other news, here's a troubling stat from our friends over at Help Net Security. In 2022, 47.4% of all internet traffic came from bots. More interesting is the fact that 17% of all attacks on APIs came from bots.

Are bad bots coming for APIs? Check out the article and then hit "reply" and let me know your thoughts.

Like mindmaps? Then you really should check out CyberGuy's GitHub repo of API pentesting mindmaps.

And to close out this month's review, I stumbled upon an interesting experiment called HackerIO you might want to check out. It is an exploration to create a game where the interface is an HTTP API. Brush up on yer hacking skills and see how you do. 😈

Hack hard!

😈 The API Hacker Inner Circle

Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!
