NorthSec 2024

API: Alternate Pathway to Injection
05-16, 10:00–10:30 (US/Eastern), Ville-Marie

API Documentation often gives the simplest most bare-bones examples to get something running. This runs into the old adage: Nothing is more permanent than a temporary solution. Come join me and walk through a particularly fun example of cloud API documentation showing you the wrong way.

Included will be a deep dive and demo of a vulnerability caused directly by this kind of mistake which maybe shows that Phreaking is alive and well in 2024.


What is the language of your talk/workshop?

English

Pronouns: he/him

I'm a lifelong hacker and avid selfhoster/homelabber who works a day job pentesting.
On the side, I build CTF challenges and occasionally even go outside to see the world.

This speaker also appears in: