Posts

Showing posts from November, 2017
Top 10 OWASP vulnerability......

OWASP Top 10 Application Security Risks - 2017

A1-Injection: Injection flaws, such as SQL, OS, XXE, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

A2-Broken Authentication and Session Management: Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities (temporarily or permanently).

A3-Cross-Site Scripting (XSS): XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create JavaScript. XSS allows attackers to e
Uber Paid $100,000 to Stop Hackers Who Stole Data From 57 Million Users, Drivers

This is a dangerous data breach....

The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a "significant" amount of information.

Updated on: November 22, 2017, 12:14 PM

San Francisco: Uber said Tuesday that hackers compromised personal data from some 57 million riders and drivers in a breach kept hidden for a year. "None of this should have happened, and I will not make excuses for it," said a statement from chief executive Dara Khosrowshahi, who took over at the ridesharing giant in August. Two members of the Uber information security team who "led the response" that included not alerting users that their data was breached were let go from the San Francisco-based company effective Tuesday, according to Khosrowshahi. Stolen files included names, email addresses, and mobile phone