This website is no longer maintained. The continuation of Red Team at Wootton for the 2018-2019 school year is Cybersecurity Club.

Design Flaws

The Moonpig Bug - Sequential User Identification

Session management is tricky. Obviously, caching user credentials is unsafe. Modern websites employ a variety of techniques, most often assigning each active session a unique identifier called a token. Beyond this single, basic strategy, additional checks are necessary to maximize safety.
Tags: concepts