HEARD ABOUT THEM??
They have 13 million Customers!!
KNOW THIS PERSON??
Senior staff writer at Wired
AN EPIC HACK
How about CC
I’ll give you
Got the CC
new Credit card
access! Add new e-
• Process intended to reveal flaws in the security mechanisms of an information system
• Finding out the potential loopholes and weaknesses of the system
• Checking whether there is any information leakage
• Passing security testing is not an indication that no flaws exist
• Passwords should be stored encrypted / hashed, never in plain text
• Credentials (e.g. login) delivered only over HTTPS
• System/application should not allow invalid users
• Browser Back button should not be allowed to redisplay authenticated pages on a banking website
• Cookies / session tokens should time out after a certain period
• Forms should be validated on the server side as well, not just in the browser. Test the APIs directly
• Directory structure should not be browsable
• Check that exceptions are handled correctly. Stack traces shouldn't be displayed to users
• Use plugins to keep checking for vulnerabilities from time to time (e.g. Tamper Data, Site Spider, etc.)
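Several items on the checklist above (credentials only over HTTPS, cookie timeouts, no browsable directories, no leaked stack traces, no cacheable post-login pages) can be turned into automated checks that run over captured HTTP responses. The following is an added example written for this page, not code from the slides or from any of the tools they mention; the Response structure, the check functions and the sample responses are all constructed for illustration.

```python
"""Automated checks for items on the security-testing checklist.

Added example (not from the original slides). The Response dataclass,
the check functions and the sample responses below are assumptions made
for this example; a real run would fill Response from an HTTP client or
a proxy capture.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Response:
    url: str
    status: int
    headers: dict   # header name (lowercase) -> value
    cookies: list   # raw Set-Cookie header values
    body: str


# Patterns that indicate a stack trace or debug output reached the client.
STACK_TRACE_PATTERNS = [
    r"Traceback \(most recent call last\)",        # Python
    r"\bat [\w.$]+\(\w+\.java:\d+\)",              # Java frames
    r"<b>Warning</b>:.*on line \d+",               # PHP notices
]


def check_credentials_over_https(resp):
    """Checklist: credentials delivered only over HTTPS."""
    findings = []
    has_password_field = 'type="password"' in resp.body.lower()
    if has_password_field and urlparse(resp.url).scheme != "https":
        findings.append("password field served over plain HTTP")
    for action in re.findall(r'<form[^>]*action="([^"]+)"', resp.body, re.I):
        if has_password_field and action.lower().startswith("http://"):
            findings.append(f"form posts credentials to insecure URL {action}")
    return findings


def check_session_cookies(resp):
    """Checklist: cookies / session tokens should time out.

    Only the cookie attributes are visible here; a server-side idle
    timeout must be tested behaviourally (wait, then replay the token)."""
    findings = []
    for raw in resp.cookies:
        name = raw.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in raw.split(";")[1:]]
        if not any(a.startswith(("max-age=", "expires=")) for a in attrs):
            findings.append(f"cookie {name} has no timeout (no Max-Age/Expires)")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name} missing Secure")
    return findings


def check_directory_listing(resp):
    """Checklist: directory structure should not be browsable."""
    if resp.status == 200 and re.search(r"<title>Index of /", resp.body, re.I):
        return [f"directory listing enabled at {resp.url}"]
    return []


def check_stack_trace(resp):
    """Checklist: stack traces should not be displayed."""
    for pat in STACK_TRACE_PATTERNS:
        if re.search(pat, resp.body):
            return [f"stack trace / debug output leaked (matched {pat!r})"]
    return []


def check_cache_control(resp):
    """Checklist: Back button should not redisplay pages on a banking site.
    Without Cache-Control: no-store the browser may serve the page from its
    back/forward cache after logout."""
    if "no-store" not in resp.headers.get("cache-control", "").lower():
        return ["missing Cache-Control: no-store"]
    return []


CHECKS = [check_credentials_over_https, check_session_cookies,
          check_directory_listing, check_stack_trace, check_cache_control]


def run_checks(resp):
    """Run every check against one response and return all findings."""
    findings = []
    for check in CHECKS:
        findings.extend(check(resp))
    return findings


# Constructed sample responses (hypothetical host bank.example).
WEAK_LOGIN = Response(
    url="http://bank.example/login", status=200,
    headers={"content-type": "text/html"},
    cookies=["JSESSIONID=abc123; Path=/"],
    body='<form action="http://bank.example/login" method="post">'
         '<input type="password" name="pw"></form>')
HARDENED_LOGIN = Response(
    url="https://bank.example/login", status=200,
    headers={"cache-control": "no-store, no-cache, must-revalidate"},
    cookies=["session=abc; Path=/; Max-Age=900; Secure; HttpOnly; SameSite=Strict"],
    body='<form action="https://bank.example/login" method="post">'
         '<input type="password" name="pw"></form>')
ERROR_PAGE = Response(
    url="https://bank.example/api/balance?id=x", status=500,
    headers={"cache-control": "no-store"}, cookies=[],
    body="<pre>Traceback (most recent call last):\n  File ...</pre>")
DIR_LISTING = Response(
    url="https://bank.example/backup/", status=200,
    headers={"cache-control": "no-store"}, cookies=[],
    body="<html><head><title>Index of /backup</title></head></html>")

if __name__ == "__main__":
    for sample in (WEAK_LOGIN, HARDENED_LOGIN, ERROR_PAGE, DIR_LISTING):
        print(sample.url, run_checks(sample) or "OK")
```

Each check maps back to one checklist item, so a failing item names the control that is missing rather than just the symptom. The cookie check is deliberately header-only: whether a session actually expires server-side after the stated period is something the test has to exercise by waiting and replaying, which no static inspection can confirm.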