[ale] Freelance web-devs make insecure sites
DJ-Pfulio
DJPfulio at jdpfu.com
Thu Jun 8 06:42:41 EDT 2017
Of the 17 commissioned projects by Tripwire (a security firm), 10
websites were completed and purchased.
The researchers found that every website had critical security failures.
Read more here:
https://www.helpnetsecurity.com/2017/06/08/website-security/
* Unauthorized users allowed (all) - Check
* Allowed hackers to upload a PHP webshell (all) - Check
* Allowed auth bypass via SQL injection (several) - Check
* Allowed content modification via SQL injection (half) - Check
Short, but interesting read.