Hey friend,
It's that time again...
Time for another month in review!
Latest Articles
So, here is a synopsis of what I wrote about last month:
- I showcased some of the new changes coming to the OWASP API Security Top 10 list in 2023.
- I discussed the ins and outs of offensive AI and how we as API hackers can benefit from it.
- I explained why it's important to include a working exploit in your vulnerability report and how to protect it so others don't weaponize it.
- I shared my article originally published in the Journal of Defense Software Engineering on How Adversaries Attack APIs Through Dependencies. Many thanks to the US Air Force for making that public and not keeping it classified for DoD use only.
Community News
AppSec Days
So for those in the Pacific Northwest, the OWASP AppSec Days Pacific Northwest conference is shaping up. Some great keynotes are locked in, and early bird tickets are now available on the website.
New API security course
The crew over at APISec University has released a new API Security Fundamentals course. It's a great introduction to WHY API security breaches happen and covers at a high level how this fits in with the OWASP API Security Top 10. It even covers the latest changes for 2023! If you know someone who is brand new to API hacking, have them check out this course. It's FREE!
Wanna learn how to hack from the inside out?
If you are in the Vancouver area on April 20th, come by the downtown campus of Microsoft to hear me talk about how to look at your web apps and APIs more offensively to discover the exploitability of your code before your adversaries do. I'll be covering how to trace exploitability through taint analysis and discuss what to look for during code review to find vulnerabilities that your favorite scanners can't find.
You can register for the event here.
I just want to say thanks
I'm grateful that you have read this far. And that you regularly read my articles. I do hope you find them helpful.
Last month I asked for your help in sharing what you wanted to hear about. Thanks to everyone who filled out that survey. (Feel free to do so if you haven't already.)
The feedback was interesting. Most people said to just keep on going. Some colorful responses include people wanting me to offer online training, live streaming, and maybe my own book. I also have some great ideas for future articles... so stay tuned.
And again, thanks for being part of the community and sharing your thoughts and wishes. You can respond to ANY of my emails with comments, feedback, and suggestions at any time. They are always most welcome.
In the meantime, hack hard!
Dana
You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).
I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading.
Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!
Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.