HackDig : Dig high-quality web security articles for hackers

Moonpig Website Vulnerability, Incident and Breaches

Personalised greetings card service Moonpig was all over the popular news yesterday. Paul Price found an exploitable weakness in Moonpig's public API and contacted them in August 2013, and again a year later. Eventually he gave up and published details on Monday. Following much Twitter activity, yesterday Moonpig tweeted: We are aware of claims re customer data
Publish At: 2015-01-10 21:25 | Read: 5356 | Comments: 0 | Tags: technical development vulnerabilities preventative incidents

FTC Final Order Against Snapchat

Following a public comment period in May-June 2014, at the end of December the US consumer protection body, the Federal Trade Commission, approved a final order settling charges against Snapchat that lasts for twenty years. The charges related to how Snapchat deceived consumers about the automatic deletion of private images sent through the service. The key FTC
Publish At: 2015-01-10 21:25 | Read: 3429 | Comments: 0 | Tags: technical privacy retention administrative specification pol

SANS SWAT Checklist and Poster

The SANS Institute has published a poster called Securing Web Application Technologies (SWAT). SWAT 2014 (PDF) is a two-page large-format colourful poster combining a SWAT checklist with a What Works in Application Security chart. The SWAT checklist groups its suggested best practices into the following areas: authentication, session management, access control
Publish At: 2014-12-02 17:05 | Read: 6156 | Comments: 0 | Tags: testing corrective operation metrics maturity administrative

Two ENISA Reports on Cryptography

At the end of last week, the European Union Agency for Network and Information Security (ENISA) published two reports on the use of cryptography. Algorithms, Key Size and Parameters 2014 (PDF) provides guidance on appropriate cryptographic protective measures for the protection of personal data in online systems. The report defines primitives/schemes that can
Publish At: 2014-11-25 22:50 | Read: 3961 | Comments: 0 | Tags: privacy data protection technical standards guidelines preve

OWASP Snakes and Ladders

In a month's time we will probably be in full office party season. I have been preparing something fun to share and use: an awareness document for application security risks and controls. Snakes and Ladders is a popular board game, with ancient provenance, imported into Great Britain from Asia by the 19th century. The original game showed the effects o
Publish At: 2014-11-06 06:15 | Read: 5323 | Comments: 0 | Tags: preventative data protection code injection business logic p

Denial of Service Attack Prevalence and Recurrence

I do not often refer readers of the blog to the Akamai State of the Internet report, but the latest edition contains some useful data on denial of service attacks. The 2014 Q2 State of the Internet Report can be downloaded after registration and providing some sales lead information. The observations on denial of service attacks describe how almost 30% of the
Publish At: 2014-10-23 04:45 | Read: 4148 | Comments: 0 | Tags: defense technical threats operation preventative

Cost of Cyber Crime for UK Companies 2014

The third annual study of the cost of cyber crime in UK companies has been published. This 2014 report from Ponemon Institute is the third annual study of U.K. companies, and is based on a representative sample of 38 organisations across industries. Findings for other regions/nations, relating to 257 companies in 7 countries in total, have also been published.
Publish At: 2014-10-19 06:40 | Read: 4238 | Comments: 0 | Tags: technical corrective metrics administrative preventative inc

Request to Participate in the OWASP CISO Survey 2014

The OWASP CISO Survey Report was published in January 2014. OWASP is again conducting the survey among senior information security leaders and managers and needs your help. The results will be published in the OWASP CISO Report 2014, which will be free to access and use. The project team has asked if we can share this invitation with security contacts in com
Publish At: 2014-10-07 19:50 | Read: 3772 | Comments: 0 | Tags: corrective administrative maturity technical SDLC informatio
