Web application security is yet remains one of the most challenging problems enterprises face today. Product oriented companies can overcome these issues by implementing 0day hunting pipeline on their products. So, in this session, I will talk about multiple vulnerabilities I found on Lucy Security Awareness Product [https://lucysecurity.com] by explaining my 0day hunting methodology on web application and how I combined those multiple vulnerabilities to generate real world attack vectors. Attendees will learn about the required steps on 0day hunting of web applications, how they can misuse intended functionalities of web applications and how they can remediate the problems in SDLC phase.

my research/whitepaper: http://web.archive.org/web/20211209030746/https:/www.abuyv.com/lucy-unauthenticated-remote-code-execution/
CVE-ID: CVE-2021-28132