OWASP discloses data breach caused by misconfiguration

OWASP’s goal is to help organizations find problems with their web applications, application code, and server frameworks.

Homework: Image by Tony Alter (CC BY 2.0)

The Open Worldwide Application Security Project (OWASP) Foundation, a nonprofit founded in December 2001 that focuses on software security, has disclosed a data breach after some members’ resumes were exposed online through a misconfiguration of its old wiki web server.

Looking into this cybersecurity matter for Digital Journal is Jason Kent, Hacker in Residence at Cequence Security.

Kent begins by stating why this particular cybersecurity incident has caught his attention: “As a member and someone who participates in this community, this obviously makes me sad and makes me ask questions. OWASP’s goal is to help organizations find problems with their web applications, application code, and server frameworks.”

Kent then turns to the significance of the incident: “To have a web application data breach is a bit of egg on the face of OWASP as a whole, but we aren’t the kind of folks that wonder why. We get to the heart of it, fix it, and make sure everyone knows what happened and how to stop it.”

In terms of the impact of the incident, Kent assesses: “The data that was lost, at the newest, was a decade to almost 2 decades old. This fact doesn’t make the loss of data any better but remember, immediately prior to 2014 the data of every person in the USA was lost when Equifax was breached and all of that data was extremely up to date. OWASP no longer collects this data and has moved to new systems.”

Learning from a major event is at least one tangible thing a disaster can provide. Here Kent asks: “So what can be learned? Directory Traversal needs to be disabled (it is by default on most systems now) and data retention policies are extremely important for a reason. If they had purged all data when they moved to the new systems a couple of years ago, this wouldn’t have happened. If you read the announcement from OWASP you can see the steps they are taking and you should take if you are part of this.”
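In the context of a wiki server exposing stored files, the “directory traversal” Kent refers to is read here as directory indexing: the web server rendering a listing of a directory that has no index page, which hands a visitor the names of every file in it. The two lessons in the quote, detecting that listing and purging data past its retention period, are shown below as an added example; this is illustration code, not from the article or from OWASP. The listing markers, the sample Apache and nginx responses, the file inventory and the two-year retention window are all constructed assumptions.

```python
"""Added example (not from the article or from OWASP): recognise a web server
directory listing in a response body, harvest what it exposes, and select
files past a retention cut-off for purging."""
import re
from datetime import datetime, timedelta, timezone

# Markup emitted by Apache mod_autoindex and nginx autoindex when a directory
# has no index file. These patterns are assumptions chosen for this example.
_LISTING_MARKERS = [
    re.compile(r"<title>\s*Index of /", re.I),   # both servers use this title
    re.compile(r"<h1>\s*Index of /", re.I),
    re.compile(r'<a href="\.\./?">', re.I),       # nginx parent-directory link
    re.compile(r"Parent Directory", re.I),        # Apache parent-directory link
]

# Anchor tag with its link text, enough for the autoindex markup above.
_ANCHOR = re.compile(r'<a href="([^"]+)">([^<]*)</a>', re.I)


def is_directory_listing(body: str, min_hits: int = 2) -> bool:
    """Return True when at least `min_hits` listing markers appear in the body.
    Requiring two independent markers keeps a normal page that merely mentions
    'Index of' in running text from being flagged."""
    hits = sum(1 for pat in _LISTING_MARKERS if pat.search(body))
    return hits >= min_hits


def listed_paths(body: str) -> list[str]:
    """Return the file hrefs a listing exposes (what a visitor would harvest),
    dropping the parent-directory link and the column sort links."""
    exposed = []
    for href, text in _ANCHOR.findall(body):
        if href in ("../", "..") or href.startswith("?"):
            continue
        if text.strip().lower() == "parent directory":
            continue
        exposed.append(href)
    return exposed


def files_past_retention(entries, max_age: timedelta, now: datetime) -> list[str]:
    """Given (path, last_modified) pairs, return the paths older than max_age,
    sorted. This is the retention purge the quote argues should have happened
    when the old wiki was retired."""
    cutoff = now - max_age
    return sorted(path for path, mtime in entries if mtime < cutoff)


# Constructed sample responses (not real OWASP data).
APACHE_LISTING = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /wiki/uploads/resumes</title></head>
<body><h1>Index of /wiki/uploads/resumes</h1>
<table><tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/wiki/uploads/">Parent Directory</a></td></tr>
<tr><td><a href="member-a-cv-2008.pdf">member-a-cv-2008.pdf</a></td></tr>
<tr><td><a href="member-b-cv-2011.doc">member-b-cv-2011.doc</a></td></tr>
</table></body></html>"""

NGINX_LISTING = """<html>
<head><title>Index of /uploads/</title></head>
<body>
<h1>Index of /uploads/</h1><hr><pre><a href="../">../</a>
<a href="cv-2006.pdf">cv-2006.pdf</a>                01-Jan-2006 00:00     10240
</pre><hr></body>
</html>"""

NORMAL_PAGE = """<html><head><title>OWASP Foundation</title></head>
<body><p>The index of /projects is refreshed every year.</p></body></html>"""

# Constructed file inventory and a constructed "now" for the retention check.
NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)
SAMPLE_FILES = [
    ("uploads/resumes/member-a-cv-2008.pdf", datetime(2008, 6, 1, tzinfo=timezone.utc)),
    ("uploads/resumes/member-b-cv-2011.doc", datetime(2011, 2, 14, tzinfo=timezone.utc)),
    ("uploads/current/project-logo.png", datetime(2023, 11, 5, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for name, body in (("apache", APACHE_LISTING), ("nginx", NGINX_LISTING), ("normal", NORMAL_PAGE)):
        print(name, "listing:", is_directory_listing(body), "exposes:", listed_paths(body))
    print("purge:", files_past_retention(SAMPLE_FILES, timedelta(days=730), NOW))
```

On the server side the corresponding fix is to remove `Indexes` from the directory’s `Options` (or set `Options -Indexes`) in Apache, and `autoindex off;` in nginx, which is nginx’s default. The check above is deliberately run on response bodies rather than a live URL so it can be pointed at saved scan output; on a real crawl you would feed it every directory path the site’s links and sitemap reveal.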

Kent cautions that the same failure could recur elsewhere, which means many organizations remain exposed to a similar incident. Here he states: “If it can happen to an organization of volunteers that are wanting the world to be a safer place, it can happen to your organization of security professionals dedicated to your environment being a safer place.”

The recent transparency with the cybersecurity event brings Kent to conclude: “Thank you to OWASP for being open and honest and being an example of how to respond when the inevitable happens.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
