Vulnerability Discovery: Booking Zero Dollar Travel Via a Site

Presented by

Andrew Tieu, Application Security Engineer

About this talk

This presentation will demonstrate the value of manual business logic assessments and provide an example of an abuse of functionality vulnerability identified on a travel booking website. The speaker will provide a real life instance that allowed a user to book zero dollar or negative values for reservations for hotel rooms, entertainment, and restaurants. He will also cover best practices on how to protect your website against abuse of functionality vulnerabilities. The speaker will cover the business impact of the Abuse of Functionality vulnerability including: - How users were being given full control over the amount they paid for events. - Resulting event costs - How this vulnerability created a significant loss for the business

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (63)
Subscribers (19850)
WhiteHat™ DAST is a software-as-a-service (SaaS) dynamic application security testing (DAST) solution that allows your business to quickly deploy a scalable web security program. No matter how many websites you have or how often they change, WhiteHat DAST can scale to meet any demand. Synopsys acquired White Hat Security (NTT Application Security) in June of 2022.