THREAT OPS › Threat News › The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API
The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API
Part 2: How the Red Agent bypassed backend resolvers to expose an entire airline booking database in fifteen minutes
Original source: https://www.wiz.io/blog/red-agent-pov-bola