-
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
Eaton -
How 1 Exposed Honeywell API Gave me Control Over an Internal Engineering System
(ASPEN) APIs are crucial for web apps but pose security risks. I uncovered a critical flaw in Honeywell’s BEDQ system, highlighting the need for strong API security.
Eaton -
Gaining admin access to a Siemens cloud system
(ASPEN) Understanding the Risks of Client-Side Authentication: Why relying on client-side security isnโt enough.
Eaton -
Lessons in Securing Mobility Site Management APIs
(ASPEN) Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the corporate network and ensure security. Read how a vulnerability on Johnson & Johnson’s Mobility Service Portal made it possible to access employee corporate devices.
Eaton -
Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems
(ASPEN) A critical SSO vulnerability in a Fortune 500 app risked millions of records. Learn about SSO security risks, fixes, and protecting APIs from similar attacks.
Eaton