The Open Web Application Security Project (OWASP) Top 10 is a consensus list of the top web application security concerns, guiding testers and developers. The 2021 version includes new categories and relabelled items, providing a great resource for application security and audit/compliance. Leverage the OWASP Top 10 to spread awareness and make sure you don't miss out on anything.
When every security flaw is deemed important, it creates chaos at the business level. In the short term, precious resources are wasted addressing such findings. Longer-term, these things add up to create true dysfunction in an overall security program which, ironically, makes the organization more susceptible to the risks that matter.
The fine British Airways is facing relates to a 2018 data breach that affected thousands of customers and compromised data from over 380,000 card payments. The fine was issued for BA’s failure to comply with GDPR rules. Preventing the breach would not only have avoided the fine (obviously), it would also have prevented a much more costly outcome: thousands of dissatisfied customers who lost trust in the brand.
Cryptojacking is the digital version of it — it’s when the hacker steals your computer’s resources and uses them to harvest cryptocurrency. Mining is only a viable business if the cost of the computing power and electricity required to operate and cool down your systems is significantly lower than the monetary gain you get from mining.
Facebook announced it suffered an attack that affected almost 50 million users. The hack required chaining multiple vulnerabilities, one of them in the “View As” feature, which helps users control their privacy by previewing how other users see their profile.