HotelHippo has been taken offline after a security expert found various flaws in its IT systems. A hotel booking site has been condemned by a security expert after leaving users' personal details easily accessible to hackers. Scott Helme, an information security consultant, uncovered several flaws in the HotelHippo site while trying to book accommodation for a trip to the Lake District.
They included the presence of an SQL injection vulnerability on the site, as well as PCI compliance breaches and HTTPS configuration issues. He was able to test this out further by creating several bookings featuring fake credit card data, stressing that card data was irretrievable when pulling out other people's bookings. Once a booking is made, the site emails users confirmation of the transaction, which Helme discovered could potentially provide cyber criminals with the ammunition needed to launch a convincing phishing attack.
This is just the latest case in which high-severity vulnerabilities have been found in web applications and websites. This is why at CloudWALL Italia we offer an innovative platform to perform automated security tests against any website as well as web and mobile applications.
CloudWALL WAS | Web Application Security is a Cloud service you use through your browser, so there’s no software to install or maintain. You can accurately and efficiently test your apps, no matter where they are – on internal networks, hosted on the Internet or in Cloud platforms such as Amazon. Relied on by leading companies with some of the most demanding web apps in the world, CloudWALL WAS | Web Application Security will help you safeguard your apps, whether you have just a few apps or many thousands.
Find more details at www.cloudwall.tk/was.