Recent security breaches

Latest posts

XSS Case Study

XSS Case Study

Reading Time: 6 minutes Explore the key elements of this Cross-Site Scripting vulnerability in the Google search engine.

API vulnerability: Wild card to win USPS customer data

API vulnerability: Wild card to win USPS customer data

Reading Time: 3 minutes The US Postal Service launched its Informed Visibility program last year to provide better insight into their mailstream service. For example, one can obtain near real-time notifications about delivery dates and identify trends. However, they have made much more data available than intended, at least 60 million customers were exposed to anyone who is registered on http://www.usps.com.

The three fatal bugs behind the Facebook breach

The three fatal bugs behind the Facebook breach

Reading Time: 5 minutes The Facebook breach was discovered after the social media company saw an unusual spike of user activity that began on September 14, 2018. A few days later, on Tuesday, September 25, Facebook’s engineering team discovered an unprecedented security issue, that affected about 30 million users. The social media giant says the flaw has been patched, but the people behind this attack are still unknown.

Report a vulnerability in a responsible way!

Report a vulnerability in a responsible way!

Reading Time: 5 minutes If you have found a vulnerability and you want to act responsibly, discretion is most important. Always remember you have information that can be exploited by black-hats putting not only the enterprise and its reputation but its users at risk.

Broken Access Control

Broken Access Control

Reading Time: 7 minutes Access control, or authorization, is how a web application grants access to resources to some users, and not others. These resources mostly fall into two categories: sensitive data, which should only be accessed by certain entities, and functions that can modify data on the webserver, or even modify the server’s functionality. Authorization checks are performed after authentication: when a user visits a webpage, first they have to authenticate themselves, i.e. login, then if they try to gain access to a resource, the server checks if they are authorized to do so.

Deep dive into the Equifax breach and the Apache Struts vulnerability

Deep dive into the Equifax breach and the Apache Struts vulnerability

Reading Time: 6 minutes You’ve probably read about the Equifax breach and the Apache Struts vulnerability in NY Times, in Bloomberg or somewhere else. The breach resulted in the leakage of 143 million user profiles, including Social Security numbers, birthdates and addresses.

Get to know your way around recent security breaches