Expanding the attack surface TL;DR: Step-two workflow: hidden parameters, undocumented routes, legacy endpoints, error-message info disclosure. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO