whups sounds like someone forgot to get a Pen.Test done

Aug 30th, 2006

Category: Web Security

O2 closes call records site after security flap | The Register
Whenever I read this kind of story it makes me reckon that the victims probably hadn’t had a recent pen test done, and the kind of URL manipulation described would likely have been picked up by most testers.
However, kudos to O2 for admitting the flaw and moving to fix it, instead of taking the line that some organisations seem to take, which is to attack the person that found the flaw…
