Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room. Today we’re excited to have an amazing guest, Swan Beaujard, join us.

Swan is a security software engineer at Escape, specializing in Dynamic Application Security Testing. He is a core contributor to a lot of open-source projects related to GraphQL security and is passionate about machine learning and reverse engineering. He presented his contributions and research at several international security conferences like BSides Oslo 2023.

This year, Swan published his new research detailing scanning and analysis of the 1 million most popular domains. Scanning the front-end code of these domains led to shocking results. He discovered 18,000 exposed tokens and turned a $100 investment in the project into $20 million in Stripe tokens.

In this episode, we discuss Swan’s technical approach and how it feels to find so many exposed secrets. Dive right in!