Exploiting McDonald’s APIs To Hijack Deliveries And Order Food For A Penny
- Eaton Zveare
tl;dr: “I took a step back and looked at the cart object and an idea came to mind. The cart object was able to accept item updates, but could it accept price updates too? I put together a PUT request to update the price. Surprisingly, it worked.”
featured in #576
Control Data Access with Targeted Row-Level Security
tl;dr: Integrate Clerk with Neon Authorize to enforce Row-Level Security (RLS) in Postgres using JWTs. This setup enhances security by restricting database queries to the rows the authenticated user is permitted to access. For team leads, it simplifies security management and reduces risk, allowing teams to focus on development.
featured in #566
One Weird Trick To Get The Whole Planet To Send Abuse Complaints To Your Best Friend(s)
- Pierre Bourdon
tl;dr: “One of my servers suddenly decided to start sending SSH connections to the wider internet. This is usually a pretty strong indicator of malware compromise, and I had to act quickly if that was the case. Luckily, I’ve worked in infosec for a while, and some years ago I even did some freelance work doing forensics and cleanup of infected servers.”
featured in #563
Using YouTube To Steal Your Files
- Lyra Rebane
tl;dr: “In my security research I often come across weird quirks and behaviours that aren’t particularly useful beyond a neat party trick. It’s always a good idea to keep track of them though; perhaps one day they’ll be just the missing piece you need.”
featured in #551
Implementation Challenges Of A Homegrown SCIM Solution
tl;dr: SCIM provisioning is a table-stakes feature that nearly every enterprise customer requests. It enables secure and automated user lifecycle management, allowing users to be seamlessly onboarded and offboarded from applications. But building SCIM in-house is incredibly complex: there is a great deal of fragmentation to deal with, because each identity provider (Okta, Azure, etc.) interprets the SCIM protocol differently.
featured in #548
Securing Applications in the Age of AI: New Threats, New Strategies
- Reed McGinley-Stempel
tl;dr: As artificial intelligence reshapes application security, new threats emerge alongside innovative protective strategies. Reed explores the challenges posed by AI-driven attacks and offers proactive measures to strengthen your security framework, empowering you to safeguard applications while maximizing AI's potential for resilience.
featured in #547
PII Redaction: Protect Sensitive Information
tl;dr: Identify and remove personal data such as addresses, phone numbers, and credit card details from your transcripts. Now available in 47 additional languages.
featured in #538
What is Fingerprint Browsing And How Does It Work?
- Evelyn Chea
tl;dr: Cookies are great, but they aren’t reliable. That's where browser fingerprinting comes in. Visitor identification captures details like browser type, operating system, and screen resolution, using advanced techniques like canvas and WebGL fingerprinting to create a unique digital fingerprint for each visitor. It goes beyond traditional cookies, offering enhanced security, fraud detection, and personalized user experiences.
featured in #532