Application security news never stops, and it can be hard to follow all of the incidents that are #AppSec related. In this roundup, I've picked a handful of the most significant news items from January 2019.
Credential Stuffing Attacks are increasing, and free raw material is abundant
Credential stuffing attacks are becoming increasingly common and visible. Two prominent examples occurred in the last couple of months – Warby Parker and DailyMotion. For more information on credential stuffing attacks, including the anatomy of an attack and a diagram, see the OWASP site.
A “megabreach” was also discovered this month. As with most such “megabreach” credential dumps, this one seems to be a merged list of multiple older breaches, with a few million newer credentials in the mix.
Troy Hunt’s HaveIBeenPwned has integrated this list, in case you want to check on your credentials.
Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall and Barracuda Load Balancer ADC. His current areas of focus are Cloud and automation. His prior roles ranged from leading networking product testing teams to technical marketing for HCL-Cisco. Tushar closely tracks the rapidly increasing impact of digital security and is passionate about simplifying digital security for everyone.