Broken Access Control in REST APIs – Shields Up! 🛡️

Unfortunately, I have a long relationship with Broken Access Control (BAC) in most of its forms. As a research leader, I often encounter critical security flaws that have one thing in common – they are all the result of a bad access control design.

DLL Injection Attack in Kerberos NPM Package

For those who are not familiar with NPM (Node Package Manager), it is a gigantic software registry that contains hundreds of thousands of open source Node.js projects in the form of packages. As a matter of fact, if a developer wanted to share their code with the world, NPM would be a good way to do it.

Everything You Always Wanted to Know About Passwords

Until quite recently, connecting to a website or online service meant simply typing in a username and password. In the early days, one could even get away with using the same password across multiple sites and services fairly safely.

The Aftermath of the Equifax Breach

In September 2017, news broke that Equifax, one of the world’s three largest consumer credit reporting bureaus, had suffered a massive data breach. This followed the infamous 2015 hack of the US OPM (Office of Personnel Management).