[Owasp-leaders] opinion regarding issue found in major email provider
owen.pendlebury at owasp.org
Thu Aug 27 14:29:46 UTC 2015
Yeah it is generally considered best practice to remove test data before
deploying to production.
I've seen this a few times and have been told that there are business
processes in the back-end that will stop it from going through. A bit silly
if you ask me, remove test data or spend a long time verifying card
OWASP Ireland-Dublin Chapter Lead
On 27 August 2015 at 14:47, johanna curiel curiel <johanna.curiel at owasp.org>
> Hi all
> I would like to have your opinion on an issue I found during a bug hunting
> A major email provider has their own store for selling branded t-shirts,
> pen, etc.
> I attempted to buy using a test credit card number. I was able to get a
> confirmation and final transaction with a value of USD2000.
> When I reported the issue, they mentioned to me they did not consider this
> as a vulnerability. I have always understood that deploying to production
> should not contain test data that attackers could use to bypass the system.
> What kind of vulnerability can this be considered if we can consider it a