Website security

From: Ish Sookun <ish_at_hacklog.in>
Date: Thu, 9 Apr 2015 10:24:09 +0400

Hello,

I very often argue that one way to find vulnerabilities on a website (or
application) is by making the app produce an error. As it happens, poor
error handling in webapps reveal most of the times certain unsecured parts
of the app.

Now, what happens if a web developer leaves the application's "error log"
inside a public directory? A similar situation exist at MIPA[1] and
onlyrent.mu.

I am copy'ing the message to info_at_onlyrent.mu. I could not find any email
address for contacting MIPA unfortunately.

[1] Mauritius Institute of Professional Accountants (mipa.mu)

Regards,

-- 
​Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Thu Apr 09 2015 - 06:24:22 PST

This archive was generated by hypermail 2.3.0 : Thu Apr 09 2015 - 06:27:02 PST