All Stories

Abusing Business Logic of an Application to create backdoor in a form APP

Working with a target having various access roles and functionalities always gives us goosebumps. This time it was a design flaw in the application logic that we reformed to create...

Attacking Access Control Models in Modern Web Apps

So far you may have come across various web applications where you were able to invite members with limited access to the information within the organization. Developers are able to...