cybersecuritywriteups.com
An investigation into an apparent MFA bypass that ultimately revealed broken API authorization, demonstrating why strong authentication cannot compensate for flawed backend access control.
infosecwriteups.com
A real-world email verification bypass caused by inconsistent state management between the registration and email verification flows, allowing accounts to be created with unverified email addresses.
cybersecuritywriteups.com
A business logic flaw in an e-commerce application that allowed manipulation of order calculations through unexpected quantity values, resulting in negative shipping costs.
cybersecuritywriteups.com
A case study showing how access remained valid after organizational membership was revoked, highlighting common authorization and access lifecycle failures.
cybersecuritywriteups.com
A seemingly harmless profile endpoint led to an authorization flaw affecting more than 100,000 user accounts.
I'm an Application Security Engineer and Security Researcher with a focus on application security, API security, business logic vulnerabilities, and authorization flaws.