Page 158 - Hands-On Bug Hunting for Penetration Testers
Access Control and Security Through Obscurity Chapter 8
Questions
1. Is security by obscurity a valid security layer?
2. What are some common pieces of information reported for bounties?
3. What's a good tool for uncovering hidden content?
4. What's the difference between an API key and an access token?
5. What information typically does not merit a payout as a data leak vulnerability?
6. What's a downside to relying on client-side data filtering?
7. What are some common vectors through which web application data leaks?
Further Reading
You can find out more about some of the topics we have discussed in this chapter at:
Google Cloud Endpoints on API Keys versus Authentication Tokens: https://cloud.google.com/endpoints/docs/openapi/when-why-api-key
Consul Config Management: https://www.consul.io