[ale] Freelance web-devs make insecure sites
- Subject: [ale] Freelance web-devs make insecure sites
- From: DJPfulio at jdpfu.com (DJ-Pfulio)
- Date: Thu, 8 Jun 2017 06:42:41 -0400
Of the 17 projects commissioned by Tripwire (a security firm), 10
websites were completed and purchased.
The researchers found that every website had critical security failures.
Read more here:
https://www.helpnetsecurity.com/2017/06/08/website-security/
* Unauthorized users allowed (all) - Check
* Allowed hackers to upload a PHP webshell (all) - Check
* Allowed auth bypass via SQL injection (several) - Check
* Allowed content modification via SQL injection (half) - Check
Short, but interesting read.