Wednesday - 5:30 pm - 6:00 pm


Joyce Kettering

DevRel @WeWeb

Tech & Nocode - Conference

How to hack a no-code application to better protect it

Conference in French

- To show how information circulates on the internet and all the data available in the browser inspector
- Show that, even if the data is not on the page, it can be visible in the browser (e.g. show confidential information that is not on the page)
- Explain that an API call can be read in the browser and used to guess another one (e.g. edit a record by guessing the call to edit from the call to read this record that is visible in the browser)
- Adding authentication is not enough, it is also necessary to verify that the person requesting the info is authorized to see that specific info (e.g. showing the info of someone other than the logged in person)
- Protect the admin role at all costs to avoid the risk of a hacker claiming to be an admin and deleting all our data tables.