All too often, when security researchers or hackers find personal information online, it’s sitting in an unsecured Amazon S3 bucket. We see this time and time again, often with extremely troubling results.

Hundreds of millions of user records left sitting in plain sight. Nearly eight hundred thousand applications for birth…

Summary:

This vulnerability makes it possible to exploit an IDOR vulnerability to steal money from other users’ accounts and also extract Personally Identifiable Information (PII) about users.

Description:

An IDOR (Insecure Direct Object Reference) vulnerability is an access control vulnerability that occurs when an application uses user-supplied inputs to access objects…

Summary:

This vulnerability makes it possible to perform a financial transaction multiple times even if I do not have sufficient balance in my wallet, thus making it possible for me to steal money and perform any financial fraudulent activity on your application.

Description:

A race condition occurs when multiple…

Stephen Ogu

App Security Researcher, #YouTube https://youtube.com/stephenogu #Liverpoolfan
