http://www.darkreading.com/vulnerabilities---threats/web-app-developers-putting-millions-at-risk/d/d-id/1320720
By Jai Vijayan
Dark Reading
June 4, 2015
A troubling failure by many web application developers to properly secure
how their apps connect to mobile backend-as-a-service systems like
Facebook’s Parse and Amazon’s AWS could be leaving sensitive information
on millions of Internet users vulnerable to compromise.
Researchers at Germany’s LOEWE Center for Advanced Security Research
Darmstadt (CASED) recently issued an alert on the issue, claiming they had
found a stunning 56 million sets of unprotected data in cloud databases
like Parse and AWS. The exposed records included email addresses,
passwords, health records, and other sensitive data belonging to hapless
users of web applications that use these backend web databases, the
researchers said.
At issue is the manner in which many web developers integrate support for
BaaS in their applications, Eric Bodden, principal investigator in secure
services at CASED, said in a FAQ on the topic.
Cloud databases like Parse and AWS make it easy for web application
developers to enable data storage and synchronization across multiple
platforms like iOS, Android, Windows, and OS X. Backend-as-a-service
technologies eliminate the need for application developers to set up their
own servers for storing and synchronizing user data. Instead, with just a
few lines of authenticating code, the developers can connect their apps to
backend systems like Parse and AWS and enable the same capability for
users. The weakest form of authentication uses a simple API-token or a
number that is embedded into the app's code.
[...]