{% if messages %} {% for message in messages %} {% endfor %} {% endif %}

User Profile

{{ user.username }}

Member since: {% now "F j, Y" %}


Your Secure Information

Credit Card:

**** **** **** {{ user_data.credit_card|slice:"-4:" }}

Social Security Number:

***-**-{{ user_data.ssn|slice:"-4:" }}

API Key Status:

Active (API key is securely stored)

For security reasons, we only display partial information.

API Access

You can access your data programmatically through our API.

Endpoint: /api/user-data/

Test API

Security Challenge

This page seems secure at first glance, but there are multiple ways an attacker could find your full sensitive information!

Your mission:

  1. Find your complete credit card number
  2. Find your complete SSN
  3. Find your API key
  4. Try to access sensitive data of other users

Hint: Developers often leave sensitive information in places they think are hidden from users!

Check page source, JavaScript console, local storage, and API endpoints. There's an admin endpoint at /api/all-users/ that might not be properly secured!
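From the defender's side, the template above receives the full `user_data.credit_card` and `user_data.ssn` and only trims them at render time. The following is an added example, not part of the original page or the application's code: it builds the profile data from last-four values only and scans a response body for full card numbers (Luhn-valid) and SSNs as a regression check. The `api_key` field name, all function names and the sample record are assumptions constructed for illustration.

```python
import re

# Constructed sample record. credit_card and ssn follow the template's
# field names; api_key and every function name here are assumptions.
SAMPLE = {"username": "alice", "credit_card": "4111111111111111",
          "ssn": "123-45-6789", "api_key": "constructed-key-0001"}

CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

def masked_view(user_data):
    """Return the only fields the template or /api/user-data/ should receive."""
    return {
        "username": user_data["username"],
        "credit_card_last4": user_data["credit_card"][-4:],
        "ssn_last4": user_data["ssn"][-4:],
        "api_key_status": "Active" if user_data.get("api_key") else "Not set",
    }

def render_profile(view):
    """Stand-in for template rendering: only masked values are available."""
    return ("<p>**** **** **** {credit_card_last4}</p>"
            "<p>***-**-{ssn_last4}</p>"
            "<p>API key: {api_key_status}</p>").format(**view)

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_leaks(body):
    """Return (kind, value) pairs for full card numbers and SSNs in a response."""
    hits = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", digits))
    hits += [("ssn", m.group()) for m in SSN_RE.finditer(body)]
    return hits

SAFE_BODY = render_profile(masked_view(SAMPLE))
# Constructed leaky response: masked markup plus full values in a script block.
LEAKY_BODY = SAFE_BODY + ('<script>var userData = {"credit_card": '
                          '"4111 1111 1111 1111", "ssn": "123-45-6789"};</script>')
```

Run `find_leaks` over every rendered page and API response in the test suite; the `/api/all-users/` endpoint additionally needs a server-side authorization check, which this block does not cover.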