This post is about an account takeover vulnerability on Uber which allowed attackers to takeover any other user’s Uber account (including riders, partners, eats) accounts by supplying user uuid in the API request and using the leaked token in the API response to hijack accounts.
A list of best practices for developers to follow to secure their applications.
The vulnerabilities mentioned in this blog post were plugged quickly by the engineering teams of Facebook and Tinder.
This post is about a simple vulnerability we discovered on Facebook which we could have used to hack into other users’ Facebook accounts easily and without any user interaction.
This post is about a critical bug on Uber which could have been used by hackers to get unlimited free Uber rides anywhere in the world. This post also explains few best practices while integrating payment gateways.
This blog post is about an Insecure direct object reference vulnerability on Twitter. This vulnerability could have been used by attackers to undertake various activities.