Browsed by
Category: BreachDirectory

OWASP Mobile Top 10 Part 1: Improper Platform Usage

OWASP Mobile Top 10 Part 1: Improper Platform Usage

Comments 0 Comment

The improper platform usage vulnerability is the first vulnerability in the OWASP Mobile Top 10. This blog will provide some insight into what it is and how it’s actually exploited in the wild while also telling you how to protect your own mobile applications. What is Improper Platform Usage? The improper platform usage vulnerability refers to a vulnerability that is derived from the improper usage of platforms in use by an application. In other words, this category covers the misuse…

Read More Read More

BreachDirectory has passed the 5 Billion record mark – here’s what it means

BreachDirectory has passed the 5 Billion record mark – here’s what it means

Comments 0 Comment

When I first began creating BreachDirectory, I thought I’d see at most a hundred million records. Okay, maybe half a billion. But this, this is something else altogether.. Today, BreachDirectory has passed the 5 billion record mark. I’m not sure whether this is a celebratory occasion though, because five billion – billion – people having their data compromised in one way or another is never a good thing. But hey, that is the reality of the web today. Data breaches are…

Read More Read More

Your passwords are terrible, and it’s time to do something about it

Your passwords are terrible, and it’s time to do something about it

Comments 0 Comment

You know what surprises me the most in regards to data breaches? It’s the fact that people still continue to use passwords like “password” or “123456” to protect their accounts. Think I’m kidding? I’m really not, take a look. Using passwords like these is a big issue because it leads to really, really bad things. Identity theft One day you log into your banking account to do some shopping and next thing you see is that you’ve got no money. You’ve…

Read More Read More

Your website needs a CSP. Here’s why

Your website needs a CSP. Here’s why

Comments 41 comments

Here’s a scenario: You create a website and make it available online. Your website ends up getting hacked (it happens frequently, by the way..) The nefarious party is able to inject some malicious javascript into one of your pages. A legitimate user visits your website and is redirected to a phishing page as a result of the work done by an attacker. The user attempts to log into the page thinking it’s your website and ends up getting all of…

Read More Read More