An interactive tutorial of the Capital One data breach

Gyan Chawdhary — Wed, 22 Jan 2020 16:55:47 +0000

Paige Thompson was accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.

Paige had exploited a Server Side Request Forgery vulnerability (SSRF) to invoke the AWS meta-data endpoint and subsequently steal authentication tokens to gain access to Capital One's internal network.

The following interactive tutorial is a reconstruction of this data breach incident that exposed the records of almost 106 million customers, how Paige exploited this vulnerability and steps developers can take to mitigate against SSRF vulnerabilities.

DEMO - https://application.security/free-application-security-training/server-side-request-forgery-in-capital-one

An interactive demo of the TikTok XSS vulnerability

Gyan Chawdhary — Wed, 22 Jan 2020 15:27:26 +0000

The recent investigation conducted by Checkpoint Research against TikTok highlights trivially-exploitable security issues, that could have allowed motivated threat actors to gain an understanding and/or manipulate their political adversaries Ad campaigns.

To demonstrate the significance of this vulnerability, we at Kontra have developed an interactive tutorial detailing the Cross-Site Scripting flaw reported within TikTok's Ad platform and the exploitation of this issue by hypothetical cyber adversaries.

The tutorial is designed to teach developers about how cross-site scripting attacks manifest in code, how malicious actors exploit these vulnerabilities and steps developers can take write secure code.

DEMO https://application.security/free-application-security-training/cross-site-scripting-vulnerability-in-tiktok

Forem: Gyan Chawdhary

An interactive tutorial of the Capital One data breach

An interactive demo of the TikTok XSS vulnerability