Masked Menace: How a Fake OAuth App and a Loose GraphQL Endpoint Stole the Real Keys

Masked Menace: How a Fake OAuth App and a Loose GraphQL Endpoint Stole the Real Keys

shiny. A GraphQL endpoint sitting quietly behind an OAuth authorization flow. The kind of thing that doesn’t scream “I’m vulnerable,” but …

 

Read More