Hacking APIs with Dana Epp
Episode #1819
Thursday, November 10, 2022
Are your APIs vulnerable to hacking? Carl and Richard talk to Dana Epp about how APIs have become the focus of black hats today. Dana talks about tooling you can use to look at your APIs the same way the hackers do, and find potential exploit paths for impersonating users, stealing data, and otherwise exploiting your system. There's an OWASP list specifically for API security - spend some time with it!
Guests:
Dana Epp
Dana Epp has been a builder and breaker for over 30 years and helps developers, testers, and hackers find and fix flaws in apps and infrastructure. Outside of his work as an offensive security engineer, he has been a Microsoft Regional Director and a Microsoft Security MVP for over 17 years.
Links:
- MSAL Auth in MAUI Blazor Apps https://www.youtube.com/watch?v=rJH43uOwZm0
- Security Engineering https://www.cl.cam.ac.uk/~rja14/book.html
- RunAs episodes with Dana Epp https://runasradio.com/Shows?search=dana+epp
- OWASP API Security Top 10 https://owasp.org/www-project-api-security/
- Burp Suite https://portswigger.net/burp
- Postman https://www.postman.com/automated-testing/
- Dana's Blog Post on Cracking API Tokens https://danaepp.com/how-to-use-azure-to-crack-api-auth-tokens
- Dana's Hacking Guide https://danaepp.com/dotnetrocks
- Azure API Management https://azure.microsoft.com/products/api-management/
- Polly https://github.com/App-vNext/Polly
- YSoSerial.NET https://github.com/pwntester/ysoserial.net
- The Journal of Defense Software Engineering https://community.apan.org/wg/crosstalk/