What are some creative but realistic attack vectors that often slip past defenders in modern e-commerce systems?

- Abuse of business logic (e.g., coupon codes, cart manipulation, returns/refunds)
- Supply chain risks (malicious dependencies, Docker images, CI/CD compromises)
- Authentication bypasses through SSO/OAuth misconfigurations
- Exploiting integrations (payment gateways, third-party APIs, shipping providers)
- Insider threats or misused admin panels

If you’ve seen or tested interesting vectors in the wild, I’d love to hear about them. Also curious how defenders can realistically monitor or mitigate these risks without overwhelming their teams.