
Little Zap of Horrors
The OWASP Podcast Series
Web App Testing
I had a great business logic issue in an app. I could change my name to a coworker's username, assign jobs to my friend, and it would show up in the audit log. There was no technical vulnerability, just like a use case whoops. The move towards modern web apps is a pain from a security point of view because these apps are harder to explore, to crawl. And bizarrely, single sign-on is actually, in some ways, making apps more insecure. But ZAP is very flexible in authentication. We should be able to cope with anything, pretty much.