|
|
|
|
|
|
by Mandatum
2172 days ago
|
|
|
One of the first things I've recommended with systems that deal with PII or secret data is to see if the vulnerability being reported or discovered has been exploited in the past. Many different hops will log things like HTTP paths, which include GET information - or DB audit logging which can easily be traced with message ID's or timestamp comparisons. It's surprising how easy it is to trace issues, debug logging is often left on in Production systems.. I wouldn't take that risk. |
|
|