A series of API flaws in McDelivery India made it possible to order food for a penny, hijack other people’s delivery orders, view user information, and more.
As a response to 3, I’m a professional pentester. I see several of the mistakes mentioned more than I’d like. Stuff like that still happens on the regular.
I typically get higher profile brands similar to McDonald’s as well.
Let me guess, you signed an NDA, and won’t tell anyone which brands had badly configured access control in their web apps?
Each red flag is okay, but all together is rather strange. It’s kinda classic to say that pajeets write shitty code.