This document discusses three cases of web application security breaches and the countermeasures that could have prevented each of them. Case 1 describes an SQL injection attack that gave the attacker access to credit card data; parameterized queries, together with limiting what the application's database account may read, would have prevented it. Case 2 covers the compromise of a Twitter account by guessing the answers to password reset questions, which illustrates the risk of sending passwords by e-mail; isolating the administrative interface from the public internet would have reduced the impact. Case 3 details how credentials stolen from one site were reused across several others because the same weak passwords had been used everywhere, ultimately compromising personal accounts. Unique, strong passwords and multi-factor authentication are the recommended countermeasures.
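The following is an added example (not code from the document or from the breached application) that shows the Case 1 attack and both countermeasures side by side on a constructed, in-memory SQLite database. The table, the e-mail addresses and the card numbers are assumptions for the illustration. Because SQLite has no GRANT statement, an authorizer callback stands in for the per-account column privileges a server database would use to keep the web-facing account away from card data.

```python
import sqlite3

# Constructed sample data standing in for the breached shop's database; the schema
# and the values are assumptions for this illustration, not taken from the case.
CARD_NUMBERS = {"4111111111111111", "5500000000000004"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_number TEXT);
        INSERT INTO customers VALUES (1, 'alice@example.com', '4111111111111111');
        INSERT INTO customers VALUES (2, 'bob@example.com',   '5500000000000004');
    """)
    return conn


def lookup_vulnerable(conn, email):
    """Vulnerable lookup: the user-supplied value is spliced into the SQL text,
    so quotes and keywords inside it become part of the statement."""
    sql = "SELECT id, email FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Hardened lookup: the value is bound as a parameter, so it can only ever be
    compared against the email column and is never parsed as SQL."""
    return conn.execute(
        "SELECT id, email FROM customers WHERE email = ?", (email,)
    ).fetchall()


# Attacker input that turns the e-mail lookup into a dump of the card_number
# column; the trailing -- comments out the closing quote of the original query.
UNION_PAYLOAD = "x' UNION SELECT id, card_number FROM customers--"


def restrict_card_access(conn):
    """Second layer of defence: the web-facing connection may not read
    card_number at all. The authorizer is SQLite's stand-in for database
    account privileges; it is consulted when each statement is compiled."""
    def authorizer(action, table, column, dbname, source):
        if action == sqlite3.SQLITE_READ and column == "card_number":
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    conn.set_authorizer(authorizer)
    return conn


def leaked_cards(conn, lookup, payload=UNION_PAYLOAD):
    """Run `lookup` with the attacker's payload and return the card numbers that
    came back; an empty list means the attack was neutralised."""
    try:
        rows = lookup(conn, payload)
    except sqlite3.DatabaseError:  # raised when the authorizer denies the read
        return []
    return sorted(value for _, value in rows if value in CARD_NUMBERS)


if __name__ == "__main__":
    print("vulnerable:     ", leaked_cards(make_db(), lookup_vulnerable))
    print("parameterized:  ", leaked_cards(make_db(), lookup_parameterized))
    print("least privilege:", leaked_cards(restrict_card_access(make_db()), lookup_vulnerable))
```

Note that the two defences are independent: the parameterized query stops the injection itself, while the restricted account limits what a still-vulnerable query could disclose. In the case described, either one would have kept the card numbers out of the attacker's hands; applying both is the usual recommendation.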
This screenshot shows the login prompt of the administrative interface. The URL is http://admin.twitter.com/admin, and the interface is protected by HTTP Basic authentication (over HTTPS). Basic authentication sends the credentials with every request, so its security rests entirely on the transport encryption and on the strength of the password; an interface reachable from the public internet in this way is exactly what the recommendation to isolate admin interfaces addresses. This screenshot was taken from http://www.nowhereelse.fr/admin-twitter-hacker-19410/
This screenshot shows the menu of the Twitter administrative interface. This screenshot was taken from http://www.nowhereelse.fr/admin-twitter-hacker-19410/