An Ethical Hacking Story — The Yummy Days Case

How I found a security issue in The Fork — Yummy Days promotion and how this could have affected their business

As a developer of financial web applications, I am always concerned about security, and it is also one of my passions. Over the last two years, some of the web applications I have worked on have been submitted to thorough security checks, to ensure they were completely secure before going into production.

In this journey, I have learnt a lot about authentication, authorization, potentially dangerous requests, injections, and a set of mechanisms to prevent them, including this knowledge in the design process and making applications secure by construction.

Eating is another of my passions; lunch time is my favorite moment of the day, and El Tenedor (in Spain) / The Fork is the best app to reserve an appointment in a restaurant, with lots of discounts that help you save money.

In this story I will show you how I found a security issue with a promotion of The Fork, called The Yummy Days, and how I built a simple automatic client that allowed me to get the prizes of the Yummy Days promotion.

Disclaimer: the opinions expressed in this story are the author’s own and do not reflect the view of The Fork company. The Fork was notified by email of the issue and appropriate measures have been taken to solve it. Also, sensitive information like URLs has been hidden.

Note: Some technical knowledge is needed to understand some parts of this story.