Beware of WebApp Programming Vulnerability leads to personal information leakage

Release Date: 30 Oct 2018 3089 Views
It was reported that website of Hong Kong Airline has a vulnerability, the passenger's personal information can be seen by modifying the end of the URL. It probably falls into risks of Broken Authentication (A2) and Broken Access Control (A5) defined by OWASP Top 10 2017. 
 
HKCERT urges webmasters and web application developers to ensure web application security preventive measures were in placed before web application launch, including:
  • Use authentication to secure web content, especially containing personal information, e.g. Implement Login, Multifactor Authentication
  • Adopt Security and Privacy by design in the software development life cycle (SDLC) 
  • Perform static code scanning during development and perform penetration testing and vulnerability scanning regularly
  • Continuous monitor on application traffic and log analysis

To secure your web application, please refer to below Security Guideline: 

Share with

Previous

Beware of the unauthorized FPS transaction and SVF setup

25 Oct 2018 3792 Views

Next

Favourite Security Reads of the Fortnight (2 Nov 2018)

2 Nov 2018 2225 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY