How We Audited a High-Traffic Shopify Enterprise Stack on AWS and Mitigated Broken Object Level Authorization (BOLA) in API gateway endpoints
Understanding the Threat: Broken Object Level Authorization (BOLA) in a Shopify Enterprise Context Our engagement focused on a high-traffic Shopify Enterprise stack hosted on AWS. The core concern was Broken Object Level Authorization (BOLA), a critical vulnerability where an attacker can access resources they are not authorized to access. In a multi-tenant SaaS environment like […]