profile

😈 The API Hacker Inner Circle

🗓️ The API Hacker's Month in Review - May 2023 👀

Published about 1 year ago • 2 min read

Hey friend 👋,

Just got back from a trip to Alaska. It was beautiful weather, but it was still too damn cold for this Canadian boy. 🥶

I mean, just look how icy blue the water was in Glacier Bay...

One good thing about the trip was that I got to drink a lot of hot chocolate and catch up on some reading. I just finished reading The Wires of War: Technology and the Global Struggle for Power. It was an interesting read from a Googler in the middle of it all, and it really got me thinking about how technology has changed the way we fight digitally. If you like the intersection of technology, politics, and global power, this is worth picking up.

Articles in May

I was so swamped in May getting ready and going on my trip to Alaska. Even still, I did keep up with my articles:

  • I published a guide that showed you how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
  • I showed you how to attack APIs by tainting data in weird places. That included discovering ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.
  • I created the ultimate link library of my articles so you can learn how to get started as an API hacker. This is a great first link to share with someone new who wants to get into this field. Sharing is caring. Please share.
  • I taught you how to find tenant-bleed vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.
  • I talked about the lucrative economics of API hacking and showed you how to make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.

Community News

AppSec Days

For those in the Pacific Northwest, the OWASP AppSec Days Pacific Northwest conference is just over a week away. The schedule is published on the website. Come enjoy the weekend in Portland, Oregon, and uplevel your appsec skills.

Every attendee also gets a copy of Adam Shostack's new book, "Threats: What Every Engineer Should Learn from Star Wars. "

Make sure you register soon, as there are only a few tickets left!

Come find me and say hi... I might have a gift for you.

APIDAYS Interface

On June 28 & 29th APIDAYS is hosting the virtual conference INTERFACE. I will be presenting a talk on "Reverse Engineering Undocumented APIs".

You can get a FREE ticket by registering here.

Hope to see you there!

Hack hard!
Dana


You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).

🧠 I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading. 🙏

⏩ Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!

👋 Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.

😈 The API Hacker Inner Circle

by Dana Epp 👋

Helping developers, testers, and hackers improve their approach to appsec and find vulnerabilities in their apps and APIs before their adversaries do. Interested to know more? Subscribe to my newsletter below!

Read more from 😈 The API Hacker Inner Circle

Hey friend 👋, Wow, did May go by fast. I think these months need to start getting rate-limited so I can actually keep up. I have to admit though, members of the inner circle have kept me going. First, Stephen sent me this... I got a chuckle from that. And then Viktor shared with me a new flavor he came across... WTF? Who would eat that? I'm all for hacking late at night with a plate of cookies, but damn. Silliness aside, the last thing we want is kids seeing that. You just never know these...

12 days ago • 4 min read

Hey friend 👋, April has been a bit intense. Ya, it started with jokers putting toothpaste in our Oreos. 🤢 It ended with some well-deserved R&R on the beaches of the West Coast of Vancouver Island. I can't complain too much; I mean, I was also introduced to Churro Oreos... I can't believe these are a thing... ... and it ended with long walks along the beach... Walking along Cox Bay for a week isn't a bad way to decompress... While I was away, I got to finish reading Pegasus: How a Spy in Your...

about 1 month ago • 5 min read

Hey friend 👋, It's April already!! I hate April 1st. You can't trust anything you read on the Internet, and the pranks ruin good food... If I wanted something minty I'd get peppermint cookies... leave my Oreos alone!!! 🤢 Speaking of something that leaves a bitter taste in my mouth (ya, weird transition there... but stick with me), I've been reading an interesting book lately you need to know about. It's called Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New...

2 months ago • 4 min read
Share this post