"Be a bad guy" is the most tedious but often the most effective. As the developer, we know how the application works and communicates to other services. Using that to your advantage can show you your weak points.
"Managing keys" would also be great add-on. When testing, shortcutting how we access our keys is something I use to overlook when starting off. Mostly because I wasn't dealing with sensitive data. Later I read up on how AWS accounts would get exploited when developers left their access keys in public GitHub repos.. Unless you want a fat bill at end of the month, careful managing your access keys :)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
"Be a bad guy" is the most tedious but often the most effective. As the developer, we know how the application works and communicates to other services. Using that to your advantage can show you your weak points.
"Managing keys" would also be great add-on. When testing, shortcutting how we access our keys is something I use to overlook when starting off. Mostly because I wasn't dealing with sensitive data. Later I read up on how AWS accounts would get exploited when developers left their access keys in public GitHub repos.. Unless you want a fat bill at end of the month, careful managing your access keys :)