DevelopSec


security awareness

January 28, 2015 by James Jardine

Verizon Email API Insecure Direct Object Reference Thoughts and Takeaways

It was recently announced that there was a flaw identified (and since fixed) in the Verizon API that allowed access to Verizon customer email accounts. The way this worked was that there was an ID parameter with the email account's user ID specified. If a user supplied a different user's ID name, that user's email account would be returned. This is known as an Insecure Direct Object Reference. It was also found that the attacker could not only read another user's email, but also send email …

Filed Under: Take-Aways Tagged With: api, authorization bypass, developer awareness, developers, insufficient authorization, qa, security, security awareness, security testing, testing, verizon, vulnerability

January 17, 2015 by James Jardine

OneStopParking Breach Thoughts and Takeaways

It was recently announced that OneStopParking.com suffered from a data breach exposing customer credit card data. According to the report, the breach occurred due to missing patches in the application’s Joomla install. Apparently the patches caused some problems with the application so they were pushed back. The patches in question were released in September of 2014.

Take-Aways

  • Implement a patch management program
  • Use a web application firewall (WAF) for extended coverage

It is common …

Filed Under: Take-Aways Tagged With: developers, joomla, patches, patching, secure development, security, security awareness, waf, web application firewall

January 3, 2015 by James

Welcome

Welcome to the brand new DevelopSec website. The goal of this site is to provide useful information for IT professionals to help develop better security practices. All too often, we see that there are professionals that are working very hard to create great products, but do not have the security information they need. Breaches are happening every day and many wonder why it matters. We hope to make an impact and show how we can learn from the breaches or other security incidents that occur so …

Filed Under: General Tagged With: awareness, developer, introduction, qa, quality assurance, secure development, security, security awareness, security testing, testers, welcome
