Advanced security research lab on BOLA (CWE-285) and IDOR in RESTful architectures. Features a Flask-based API gateway and a Python-engineered exploit engine demonstrating Account Takeover (ATO) via JSON payload manipulation. Includes enterprise remediation strategies using cryptographically signed session claims and server-side authorization.
appsec python-security owasp-top-10 account-takeover api-security idor broken-authorization bola cybersecurity-portfolio rest-api-exploit
-
Updated
Feb 25, 2026 - Python