Adult dating website, AdultFriendFinder.com, was recently compromised by hackers and data of about 3.9 million users have been affected by the breach. Information exposed in this massive cyberattack include email addresses, usernames and passwords, birthdays, sexual preferences and other sensitive information that is all too revealing.
A few members of the British Airways Executive Club complained about their points from their accounts getting stolen. Some of these points were used to book a hotel room and others had all their points wiped out. According to a report from BBC, this issue was dated back at least 2 weeks.
A security flaw was discovered in the Hilton.com website that allowed an attacker to gain access to a client’s account simply by knowing or guessing the account number. Bansec security firm found the flaw at the Hilton HHonors page wherein an attacker could hijack any other account just by changing the site’s HTML content to reflect the other account number, then reloading the page.
Web Applications are under constant attack from criminals – mostly with very little defense! The demand for skilled warriors to fight against these vulnerabilities is rapidly increasing. It’s time to stand up and fight!
Imagine that you have the knowledge to test web applications for vulnerabilities, being an expert in XSS and SSL Injections, mastering burp-suite, knowing all about HTML5 attacks and how to bypass filters and WAF techniques.
Master of Puppets
Hello fellow pentesters,
thanks to everyone who joined the live webinar. As tour manager would say: “the house was packed”!
If you did not make it, you can download the recording of the entire session here.
The web application tested is a social network where users can upload their “selfies”.
Master of Puppets
What happens when you have a web application using EXT4 to store files, correctly escapes queries and does not accept direct user controlled parameters?
You need to take your SQLi to the next level!
5 million Gmail username and password combinations were leaked in an online Russian forum recently and Google is advising its users to update their passwords in order to protect their accounts. It was later revealed that these information appears to be outdated, and some passwords were more than 3 years old.