Securing Web Services

Being an IT professional, I’m aware of the need for security over web services.

Depending on the data, there are various levels of protection, such as passing a username and password of the user, through to more complex solutions using Oauth

However Moonpig have done a brilliant job with theirs, allowing all customer data to be available via web service call with absolutely no security at all.

From the looks of it, you can even place orders online and view limited credit card information.

Luckily they have closed the issue by disabling the web service, only took them since 2013…

Read full article

Leave a Reply