[email protected] 2020: The problem with Parse: A low-code server that endangers over 64,000,000 users

Date: 10.08.2020. Author: CISOCLUB. Categories: Information security podcasts and videos

Low-code server platforms provide a necessary service in that they give all developers, regardless of skill, the ability to create content and mobile applications. Unfortunately, these low-code solutions also put user data security at risk, because they follow the path of most convenience instead of ensuring that the application will be secure. This talk will focus specifically on the low-code server called "Parse". The Parse Platform is a popular web server similar to Firebase that allows mobile application developers to spin up a fully-fledged backend with API support within a very short amount of time and with very little programming experience. In just a few days of scanning the most popular Google Play applications, I was able to discover several vulnerable Parse instances that potentially endanger the data of a collective 64,000,000 users. In this talk, I will give an overview of the many security issues inherent in the Parse platform, as well as give recommendations to both developers and the maintainers of the Parse Platform for how to improve their security posture.


About the author: CISOCLUB

CISO CLUB editorial team. Official account. CISO CLUB is an information portal and professional community of information security specialists.