Linux Today: Linux News On Internet Time.

Penetration Testing Shows Unlikely Vulnerabilities

Oct 26, 2011, 11:00

"One of the more interesting hacks that SpiderLabs has done is called 'Do You Want Fries with that Hack?' The penetration testing team was conducting a test for a large restaurant chain that does take-out orders over the Internet. The initial penetration testing sweep revealed that the Web application used Java and Flash and was not at risk from any common exploits or SQL Injection issues.

Ryan Linn, senior security consultant with SpiderLabs, noted, however, that the credit card processing was handled by a third party via JavaScript and the testers were able to manipulate payment info as it passed to the third party processing firm.

"What was missing was JavaScript validation," Linn said. "So we adjusted the price of the food and we were able to get a meal delivered for $.50 cents."
