It was recently announced that OneStopParking.com suffered from a data breach exposing customer credit card data. According to the report, the breach occurred due to missing patches in the application’s Joomla install. Apparently the patches caused some problems with the application so they were pushed back. The patches in question were released in September of 2014. Take-Aways Implement a patch management program Use a web application firewall (WAF) for extended coverage It is common … [Read more...] about OneStopParking Breach Thoughts and Takeaways
security
MoonPig Take-Aways
It was recently released that there were some security concerns with how the Moonpig, an online greetings card company in the UK, utilizes their API for mobile applications. From the public disclosure of a vulnerability found in their API it may be possible for a user to see other user’s personal information, including last 4 of their credit card number, expiration date and name. This is a great opportunity to look at some of the security issues and how they can be avoided in your … [Read more...] about MoonPig Take-Aways
Welcome
Welcome to the brand new DevelopSec website. The goal of this site is to provide useful information for IT professionals to help develop better security practices. All too often, we see that there are professionals that are working very hard to create great products, but do not have the security information they need. Breaches are happening every day and many wonder why it matters. We hope to make an impact and show how we can learn from the breaches or other security incidents that occur so … [Read more...] about Welcome
Ep. 1: Introduction to the Podcast
Hey everyone, I have spent a lot of time working in application security and prior to that, development. Over the years, I have had a chance to reflect a bit on some of the security issues I saw as a developer and as a security practitioner. In an effort to help share some of this knowledge and experience, I am starting a podcast series focused on secure development. The goal is for shorter, 10-20 minute, episodes. I hope you take a moment to take a listen. Transcript: Hi, and welcome to … [Read more...] about Ep. 1: Introduction to the Podcast