Anton Linné
Anton Linné (@safts0ppa ) is a freelance IT security researcher and penetration tester with over a decade of experience, mostly digging into application security and recon. Enjoys automating things.
Session
09-11
11:30
30min
I know who your users are - abusing user enumeration for OSINT and Bug Bounty
Anton Linné
If you’re used to seeing user enumeration marked as informational or excluded from bug bounty program scopes, you’re not alone. User enumeration is one of those findings that’s hard to prove as impactful, but also hard to get rid of.
This talk will dive into user enumeration and demonstrate its real impact, something that might make clients reconsider the severity of this finding.
Main hall