Did you know that input fields on a web form support spell checking by default in many web browsers? This is a feature of the browser that can help catch errors early for the end user. Recently, some testers found that some data may be leaked during the spell checking function to 3rd parties. Here is a reference article describing this: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords The first point to make here is this is … [Read more...] about The risk of Spell Checking
MoonPig Take-Aways
It was recently released that there were some security concerns with how the Moonpig, an online greetings card company in the UK, utilizes their API for mobile applications. From the public disclosure of a vulnerability found in their API it may be possible for a user to see other user’s personal information, including last 4 of their credit card number, expiration date and name. This is a great opportunity to look at some of the security issues and how they can be avoided in your … [Read more...] about MoonPig Take-Aways
Welcome
Welcome to the brand new DevelopSec website. The goal of this site is to provide useful information for IT professionals to help develop better security practices. All too often, we see that there are professionals that are working very hard to create great products, but do not have the security information they need. Breaches are happening every day and many wonder why it matters. We hope to make an impact and show how we can learn from the breaches or other security incidents that occur so … [Read more...] about Welcome