Gaining admin access to a Siemens cloud system
(ASPEN) Understanding the Risks of Client-Side Authentication: Why relying on client-side security isn't enough.
Eaton -
Lessons in Securing Mobility Site Management APIs
(ASPEN) Mobile device management (MDM) systems are essential for large enterprises to track devices accessing the corporate network and ensure security. Read how a vulnerability on Johnson & Johnson’s Mobility Service Portal made it possible to access employee corporate devices.
Eaton -
Angular-ing for AuthZ, Problematic anti-patterns in Single Sign On Systems
(ASPEN) A critical SSO vulnerability in a Fortune 500 app risked millions of records. Learn about SSO security risks, fixes, and protecting APIs from similar attacks.
Eaton -
Hacking into a Toyota/Eicher Motors insurance company by exploiting their premium calculator website
A vulnerable API on Toyota Tsusho Insurance Broker India’s premium calculator website exposed Microsoft corporate cloud credentials.
Eaton -
CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.
Eaton