How We Audited a High-Traffic Python Enterprise Stack on OVH and Mitigated insecure schema parsing in custom GraphQL/REST APIs
Initial Stack Assessment and Threat Modeling Our engagement began with a deep dive into a high-traffic enterprise Python stack hosted on OVH. The core of the application exposed both REST and GraphQL APIs, serving a significant user base. The primary concern was a potential for insecure deserialization and schema parsing vulnerabilities, particularly given the custom […]