- 16 Nov
In this briefing, I'll share high-level details (no exploits) of a real-world case I came across while hunting for bugs on a critical low-code app. The case unfolded as a series of discoveries, culminating in the identification of numerous vulnerabilities within the low-code application, among them remote code execution and the takeover of a development admin account. Interestingly enough, the bugs were duplicated in several other critical low-code apps.
Throughout this session, I will share my methodology for finding vulnerabilities in low-code apps, with the aim of highlighting common weaknesses associated with low-code apps, which are different in nature from those of traditional apps.