Tag: web application security
May 26, 2015 | by Edcel Suyo | Researches

Adult dating website AdultFriendFinder.com was recently compromised by hackers, and data of about 3.9 million users has been affected by the breach. Information exposed in this massive cyberattack includes email addresses, usernames and passwords, birthdays, sexual preferences and other sensitive information that is all too revealing.
Tags: AdultFriendFinder, cyber attacks, hacker, security breach, web application security, web attack
April 4, 2015 | by Edcel Suyo | Researches

A few members of the British Airways Executive Club complained that points had been stolen from their accounts. Some of these points were used to book a hotel room, and other members had all their points wiped out. According to a report from BBC, this issue dated back at least 2 weeks.
Tags: British Airways, cyberattack, web application penetration testing, web application security
March 27, 2015 | by Edcel Suyo | Researches

A security flaw was discovered in the Hilton.com website that allowed an attacker to gain access to a client’s account simply by knowing or guessing the account number. The security firm Bansec found the flaw on the Hilton HHonors page, where an attacker could hijack any other account just by changing the site’s HTML content to reflect the other account number and then reloading the page.
Tags: cross site request forgery, csrf, Hilton website, IDOR, insecure direct object reference, pwd, wapt, waptx, web application security, web vulnerability
March 18, 2015 | by Edcel Suyo | Company News

Web applications are under constant attack from criminals – mostly with very little defense! The demand for skilled warriors to fight against these vulnerabilities is rapidly increasing. It’s time to stand up and fight!
Imagine having the knowledge to test web applications for vulnerabilities: being an expert in XSS and SQL injection, mastering Burp Suite, and knowing all about HTML5 attacks and filter and WAF bypass techniques.
Tags: practical web defense, pwd, wapt, waptx, web application penetration testing, web application penetration testing extreme, web application security
February 7, 2015 | by Edcel Suyo | Blog posts

Google has launched the Vulnerability Research Grant, an experimental initiative to reward information security researchers who look into its products and services even if no vulnerabilities are found. These IT researchers (sometimes known as white-hat hackers) will be provided upfront awards as high as 3,133.70 USD.
Tags: bug bounty, cybersecurity, Google, vulnerability, wapt, web application security
January 24, 2015 | by Edcel Suyo | Researches

Since its launch, web app security enthusiasts have uploaded various challenges to the Hackme community. Giuseppe Trotta, IT Security Researcher and main developer of this project, has compiled the most downloaded Hackme challenges of 2014.
Tags: hack.me, hacking skills, hackme, web application security
January 17, 2015 | by Edcel Suyo | Researches

A list of the top vulnerabilities found in penetration tests conducted in the UK over the last year has been posted by TechUK. IT Security Researcher Andrea Tarquini shares his insights on how we can best fix these common web app security issues.
Tags: owasp, wapt, web application security, web vulnerabilities
October 23, 2014 | by GiRa | Blog posts

Master of Puppets
Hello fellow pentesters,
Thanks to everyone who joined the live webinar. As a tour manager would say: “the house was packed”!
If you did not make it, you can download the recording of the entire session here.
The Scenario
The web application tested is a social network where users can upload their “selfies”.
Tags: scripting, sqli, sqlmap, web application security, webinar
October 9, 2014 | by GiRa | Blog posts

Master of Puppets
What happens when you have a web application that uses EXT4 to store files, correctly escapes its queries and does not accept directly user-controlled parameters?
You need to take your SQLi to the next level!
Tags: scripting, sqli, sqlmap, web application security, webinar
September 18, 2014 | by Edcel Suyo | Researches

5 million Gmail username and password combinations were recently leaked on an online Russian forum, and Google is advising its users to update their passwords in order to protect their accounts. It was later revealed that this information appears to be outdated, and some passwords were more than 3 years old.
Tags: password, two-factor authentication, web application security