An interactive tutorial of the Capital One data breach


Paige Thompson was accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.

Paige exploited a Server-Side Request Forgery (SSRF) vulnerability to invoke the AWS metadata endpoint and subsequently steal authentication tokens, gaining access to Capital One's internal network.

The following interactive tutorial reconstructs this data breach, which exposed the records of almost 106 million customers: how Paige exploited the vulnerability, and the steps developers can take to mitigate SSRF vulnerabilities.
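The core mitigation the tutorial points at is that a server which fetches URLs on a user's behalf must not be allowed to reach the instance metadata service or any other internal address. The Python below is an added example written for this post, not code from the tutorial or from Application.Security: it validates an outbound URL by checking the scheme, an optional host allowlist, and every address the hostname resolves to, so that a name pointing at 169.254.169.254 (or a loopback/private address) is refused before any request is made. The `FAKE_DNS` table and its addresses (including `1.2.3.4` standing in for an ordinary public host) are constructed so the example runs offline; `resolve_host` is what a real deployment would plug in instead.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed DNS table so the example runs offline. A real deployment would
# pass resolve_host() below, which asks the system resolver.
FAKE_DNS = {
    "images.example.com": ["1.2.3.4"],             # ordinary public host (constructed)
    "metadata.evil.example": ["169.254.169.254"],  # name that points at the IMDS address
    "localhost": ["127.0.0.1"],
}


def resolve_host(hostname):
    """Return every address a name resolves to; any one of them could be dialled."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def fake_resolve(hostname):
    """Offline stand-in for resolve_host, backed by the constructed FAKE_DNS table."""
    if hostname not in FAKE_DNS:
        raise socket.gaierror(f"constructed resolver has no record for {hostname}")
    return FAKE_DNS[hostname]


def ip_is_public(ip_str):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as the IPv4 it carries.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not (ip.is_multicast or ip.is_loopback
                                 or ip.is_link_local or ip.is_reserved
                                 or ip.is_unspecified)


def validate_outbound_url(url, allowed_hosts=None, resolver=resolve_host):
    """Decide whether a user-supplied URL may be fetched server-side.

    Returns (ok, reason, ip). When ok is True the caller should connect to the
    returned ip rather than re-resolving the name, so a DNS answer cannot change
    between this check and the actual request.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme '{parsed.scheme}' not allowed", None
    host = parsed.hostname
    if not host:
        return False, "no host in URL", None
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host '{host}' not on allowlist", None

    # IP literals skip DNS; names are resolved and every returned address is checked.
    try:
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"could not resolve '{host}': {exc}", None
    if not addrs:
        return False, f"'{host}' has no addresses", None

    for addr in addrs:
        if not ip_is_public(addr):
            return False, f"'{host}' resolves to non-public address {addr}", addr
    return True, "ok", addrs[0]


if __name__ == "__main__":
    samples = [
        "https://images.example.com/logo.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.evil.example/latest/meta-data/",
        "http://localhost:8080/admin",
        "file:///etc/passwd",
    ]
    for sample in samples:
        print(sample, "->", validate_outbound_url(sample, resolver=fake_resolve))
```

The resolver check is deliberately separate from the allowlist: an allowlist alone still trusts whatever address the allowed name resolves to, and a literal-IP check alone is bypassed by a name that resolves to the metadata address, so both are applied and the pinned IP is handed back to the caller for the actual connection.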

DEMO - https://application.security/free-application-security-training/server-side-request-forgery-in-capital-one


Gyan Chawdhary, CEO of Application.Security https://application.security