Today I have for you an explanation of the vulnerability that affected HackerOne itself and was reported on their platform. The GraphQL leak exposed all the data that could possibly be accessed via the GraphQL API.
00:00 What is GraphQL?
00:30 GraphQL vs REST API
02:27 edge-based vs node-based access control
04:50 the root cause of the vulnerability
05:53 the impact and the fixes