While working at ManoMano, I spent some time auditing various software we rely on for end2end tests. During this, I stumbled upon Web Page Test, a software that will query and render a website with a headless browser in order to audit its performance, usability, loading time, etc. Back then, our tech ecosystem was relying on this, but we, at the Security Team explained why this software seemed way too prone to security issues. One week later, Web Page Test was gone because 'a pre-auth SSRF ha...
