BLACK HAT EUROPE 2021 — London — All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway.
Security researcher Piyush Gupta discovered that adding a trailing slash to API paths on AWS HTTP API, the newer and cheaper variant of API Gateway, could bypass Lambda authorizer authentication ...