[ale] Freelance web-devs make in-secure sites
Adrya Stembridge
adrya.stembridge at gmail.com
Thu Jun 8 07:41:11 EDT 2017
For $250 they got about what they paid for.
On Thu, Jun 8, 2017 at 6:42 AM, DJ-Pfulio <DJPfulio at jdpfu.com> wrote:
> Of the 17 commissioned projects by Tripwire (a security firm), 10
> websites were completed and purchased.
>
> The researchers found that every website had critical security failures.
> Read more here:
>
> https://www.helpnetsecurity.com/2017/06/08/website-security/
>
> * Unauthorized users allowed (all) - Check
> * Allowed hackers to upload a PHP webshell (all) - Check
> * Allowed auth bypass via SQL injection (several) - Check
> * Allowed content modification via SQL injection (half) - Check
>
> Short, but interesting read.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20170608/2d512697/attachment.html>
More information about the Ale
mailing list