How I Exploited P&O Cruises' Web App to Gain Benefits on my Trip to Spain and Portugal

In this blog post, I’m going to show you how it was possible to exploit Broken Access Control on a popular cruise company’s web app. I was able to use the devtools in my browser client to book restaurants on my holiday, when I shouldn't have been able to. Broken Access Control is one of the most common vulnerabilities for web applications and is the current top OWASP application risk. When exploited, users can gain unauthorised access to restricted resources, or sensitive information and systems.

[Figure: Top 10 Web Application Security Risks and how their positions have changed from 2017 to 2021. Open Web Application Security Project/OWASP]

With an increasing number of JavaScript frameworks, it’s becoming easier than ever for developers to create flashy and fast websites. Logic is being moved from back-end to front-end, and page loads are reduced along with server processing. These benefits are great for developers, but it’s easy to forget that we may no longer be the ones in contro...