Hands-on PII security scenarios. Find data leaks before they ship.
A fintech auth route with 7 PII leaks. Ship it or block it?
REST endpoint returning too much data. What should never leave the server?
Payment webhooks logged verbatim. What could go wrong?
A config file was committed to a public repo 4 minutes ago. How bad is it?