Unethical design by negligence

TL;DR: I take two examples of design choices that are problematic in terms of ethics and compliance with the GDPR: Reseplaneraren, a travel planner, and FMTK, a fitness app. Both of these apps are from government-controlled entities and both are tax funded.

Responsible disclosure note: Research was initiated September 2017, and by October 2017 both had acknowledged that they had received my report. A shorter version of this blog post was published on my Medium blog in September 2017.

Exploiting my own WordPress part 3 – ZAP and Securityheaders.io

ZAP finds almost 1,000 potential vulns in my site. I patch them with a plugin – or so I thought – and get MORE vulnerabilities – or do I?

ZAP is a Flagship Project from OWASP. I adore OWASP for its work on the Top 10 lists for Web and Mobile Vulnerabilities, and for its Cheat Sheets for defense. I know it is in every pen tester's arsenal, so let's go look at it!

