Mastodawn

I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty

https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html

#HackerNews #AWS #API #Gateway #Bounty #TrailingSlash #SecurityResearch #Cybersecurity

I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty.

I was poking at a fintech’s mobile API and noticed something that made no sense. GET /v1/accounts returned 401. GET /v1/accounts/ returned...

Statuslink Apr 18

The Unexpected Importance of the #TrailingSlash For many using Unix-derived systems today, we take for granted that /some/path and /some/path/ are the same. statusl.ink/theunexpecte...