In this post I will show how I hacked my coffee shop and accessed my own data. Hacking your application may be easier than you think.
I noticed suspicious behaviour in the weekly email from my coffee shop subscription: it offered to let me edit my preferences directly through a dedicated link. I was able to bypass the cookie and authentication token (no tricks involved) and reach an account details panel where I could change the password, the account email and so on. Essentially the shop was exposed to severe authentication and authorization issues, leading to an IDOR that exposed PII (personally identifiable information). On top of that, no CORS or CSRF mitigations were in place, allowing me to craft a malicious link leading to a one-click account takeover.
Disclaimer: I am not suggesting anyone do any testing without clear consent. I noticed a vulnerability as a happy customer of one of my favorite shops and was intrigued by how easily my account could be manipulated. From there it was curiosity that took me further to find the bugs. I tried to keep it to as few "offensive" actions as possible and reported everything in detail to the shop to help them mitigate the risks, offering my help.
I have a subscription to one of the best coffee shops in London. I am sent a bag of freshly roasted beans once a week, along with an email inviting me to change my bean preferences or delivery schedule.
I have used the link many times, whenever I wanted to skip a delivery or push it forward; it was a quick and easy way to access my account. No login barriers or interference - a slick and easy customer experience.
For some reason, last week, after updating my preference to an earlier shipment because I was out of coffee, I noticed something weird: accidentally removing one character from the link's token did not matter. I was still able to view my preferences, make changes and update my account.
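The behaviour above (a link token that still works with a character removed, and a preferences link that also unlocks account settings) is what a properly designed "magic link" is meant to prevent. The following is an added example of how such a link can be issued and checked on the server; it is not the coffee shop's code, and the secret, origin, scope names and handler are assumptions made for illustration. The token carries the user id, a scope and an expiry, is signed with an HMAC, and is rejected outright if it has been truncated, tampered with, expired or presented for a scope it was not issued for. The state-changing handler additionally checks the request's Origin, which is the kind of CSRF control the post says was missing.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed server-side signing secret (constructed placeholder; load from a secret manager in practice).
SERVER_SECRET = b"example-signing-secret-do-not-use"

# Assumed scope names: a preferences link must not be usable for account settings.
PREFERENCES_SCOPE = "preferences:edit"
ACCOUNT_SCOPE = "account:edit"

# Assumed allowlist of origins permitted to submit state-changing requests.
ALLOWED_ORIGINS = {"https://shop.example"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore padding so a truncated token fails to decode or decodes to a different length.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_link_token(user_id: int, scope: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Create a signed, scoped, expiring token suitable for embedding in an email link."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "scope": scope, "exp": int(now + ttl_seconds)}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    signature = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return f"{_b64url(payload)}.{_b64url(signature)}"


def verify_link_token(token: str, required_scope: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is intact, unexpired and issued for required_scope, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, signature_b64 = token.split(".", 1)
        payload = _b64url_decode(payload_b64)
        signature = _b64url_decode(signature_b64)
    except (ValueError, binascii.Error):
        return None  # malformed or truncated token
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    # Constant-time comparison; any altered or shortened signature fails here.
    if not hmac.compare_digest(signature, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("exp", 0) < now:
        return None  # expired link
    if claims.get("scope") != required_scope:
        return None  # valid token, but not for this action
    return claims


def handle_update_preferences(headers: dict, token: str, new_prefs: dict,
                              now: Optional[float] = None) -> tuple:
    """Simulated POST handler: requires a valid preferences token and a same-site Origin."""
    claims = verify_link_token(token, PREFERENCES_SCOPE, now)
    if claims is None:
        return (401, "invalid or expired link")
    origin = headers.get("Origin")
    if origin not in ALLOWED_ORIGINS:
        return (403, "cross-site request rejected")
    # At this point the update would be applied to claims["sub"] only.
    return (200, f"preferences updated for user {claims['sub']}: {sorted(new_prefs)}")


if __name__ == "__main__":
    issued_at = 1_700_000_000
    tok = issue_link_token(42, PREFERENCES_SCOPE, ttl_seconds=3600, now=issued_at)
    print("intact token:", verify_link_token(tok, PREFERENCES_SCOPE, now=issued_at + 60))
    print("one char removed:", verify_link_token(tok[:-1], PREFERENCES_SCOPE, now=issued_at + 60))
    print("used for account settings:", verify_link_token(tok, ACCOUNT_SCOPE, now=issued_at + 60))
    print("cross-site POST:", handle_update_preferences({"Origin": "https://evil.example"}, tok, {"roast": "light"}, now=issued_at + 60))
```

The token is deliberately scoped so that a link sent for editing delivery preferences cannot be replayed against the account details panel, which is the authorization gap the post describes; the expiry limits how long a leaked email link stays useful.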