Hidden in Plain Site - Disclosing Information via Your APIs - Peter Yaworski, Bugcrowd's LevelUp 2017

Bugcrowd via YouTube

Classroom Contents

  1. Introduction
  2. About Peter Yaworski
  3. Agenda
  4. What is API
  5. Why we care
  6. Why this happens
  7. Rails example
  8. Removing information from view
  9. The JSON file
  10. The handy method merge
  11. Adding a sensitive parameter
  12. Personal anecdote
  13. How do we find it
  14. Examples
  15. Customer ID
  16. Vulnerability
  17. Private Address
  18. Wrapup
