Towards a concept of Security Specification for Software Supply Chain

Credit: Amatechinc
Many developers dread code reviews, and one reason for this is probably that most reviewers only offer criticism rather than encouragement. Remember as a peer reviewer, you can also reinforce things you see that are done well, which …

Automated Sensitive Data Leak Detection

The average multinational spends several million dollars a year on compliance, while in highly regulated industries — like financial services and defense — the costs can be in the tens or even hundreds of millions. D…

Case Files: The dynamic duo Andrew and Allen exploit Nordstrom with their FatWallet

Fast forward to 2012 from my last post, which re-enacted Citibank’s exploit from 1999.

The actors in this story are Andrew and Allen Chiu and their plot to defraud Nordstrom via a channel partner, FatWallet.com.
FatWallet Inc. used to be a membersh…

Case Files: Attack like it's 1999 (Citibank) in 2012 (Signet/Jared jewelers, Molina Health)

In the prior installment, I discussed and described the definition of a business logic flaw.
Let us now turn back time to 1999 and recount the events leading to the Citibank attack on approximately 360,000 of its customers’ financial data.
The compa…

Protecting from BioMetric Security Flaws

Suprema Security Breach: Protecting Apps from BioMetric Security Flaws
Courtesy: MedGadget
Welcome to the world of biometric authentication, where your eyes, ears, and fingerprints are the access code to prove individual identity. Biometric …

Capital One breach crime board — case of speculative sleuthing

Capital One Breach: A Crime Board & A Case of Speculative Sleuthing
Background
Capital One is not only one of the most well-respected financial institutions in the world for their business success, but they’ve also been a leader in driving so…