
😈 The API Hacker Inner Circle

🗓️ The API Hacker's Month in Review - May 2023 👀


Hey friend 👋,

Just got back from a trip to Alaska. It was beautiful weather, but it was still too damn cold for this Canadian boy. 🥶

I mean, just look how icy blue the water was in Glacier Bay...

One good thing about the trip was that I got to drink a lot of hot chocolate and catch up on some reading. I just finished reading The Wires of War: Technology and the Global Struggle for Power. It was an interesting read from a Googler in the middle of it all, and it really got me thinking about how technology has changed the way we fight digitally. If you like the intersection of technology, politics, and global power, this is worth picking up.

Articles in May

I was so swamped in May getting ready and going on my trip to Alaska. Even still, I did keep up with my articles:

  • I published a guide that showed you how to avoid conflict when you approach a company and report a vulnerability you found as a security researcher.
  • I showed you how to attack APIs by tainting data in weird places. That included discovering ways to modify API requests during testing to corrupt data and manipulate code flow, allowing you to uncover new vulnerabilities.
  • I created the ultimate link library of my articles so you can learn how to get started as an API hacker. This is a great first link to share with someone new who wants to get into this field. Sharing is caring. Please share.
  • I taught you how to find tenant-bleed vulnerabilities in multi-tenant apps and APIs that expose cross-tenant data leaks (CTDL) during your security testing.
  • I talked about the lucrative economics of API hacking and showed you how to make more money in less time on a consistent basis by focusing on API pentesting rather than bug bounty hunting.

Community News

AppSec Days

For those in the Pacific Northwest, the OWASP AppSec Days Pacific Northwest conference is just over a week away. The schedule is published on the website. Come enjoy the weekend in Portland, Oregon, and uplevel your appsec skills.

Every attendee also gets a copy of Adam Shostack's new book, "Threats: What Every Engineer Should Learn from Star Wars."

Make sure you register soon, as there are only a few tickets left!

Come find me and say hi... I might have a gift for you.

APIDAYS Interface

On June 28 and 29, APIDAYS is hosting the virtual conference INTERFACE. I will be presenting a talk on "Reverse Engineering Undocumented APIs".

You can get a FREE ticket by registering here.

Hope to see you there!

Hack hard!
Dana


You're reading the API Hacker's Inner Circle Newsletter created by Dana Epp (he/him).

🧠 I help teach developers, testers, and hackers how to improve their API hacking tradecraft. Thanks for reading. 🙏

⏩ Enjoy the newsletter? Please forward this to a friend who would find these articles and insights useful!

👋 Did a pal share this with you? Sign up for your own copy here. I send out the newsletter every Tuesday.
