skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.


Hidden in Plain Site: Disclosing Information via Your APIs

By : Peter Yaworski

In this presentation, I’ll walk through a number of information disclosure vulnerabilities I’ve found in mature programs overlooked by other researchers specifically in HTML page sources and APIs. In doing so, I’ll demonstrate the design pattern in Rails that makes this an easy mistake to make, especially when combined with a front end JavaScript library like React or Angular.

Back To Top