How Bad Authorization Design Put 200,000+ Students at Risk
How I discovered a chain of IDORs in a public education platform used by every FP student in Catalonia, chained them into a full account takeover, and reported it responsibly.
Oscar Fernandez
Hi! I'm Oscar Fernandez, 18 y/o backend dev and hobbyist security researcher from Mataró, Barcelona. I spend most of my time in the Python ecosystem, whether that's building backends or digging into systems I probably shouldn't. I also build and contribute to open source whenever I get the chance.
This is where I write about it.