About - Rony
Speaking The Hidden Language of Vulnerabilities
I'm Rony, a security researcher at HackerOne and BugCrowd, working in web and application security, skilled at finding vulnerabilities in web apps, APIs, and infrastructure.
Latest finding
Cross-Tenant Data Access via API Token Prefix Trust
A flawed token parsing mechanism trusted the company ID embedded in the token string instead of resolving it from the database, giving full read and write access across tenant boundaries on a global HR platform.