WebGoat, Lua, and ModSecurity verses Password Guessing
Posted in Apache, Learning, Lua, ModSecurity, OWASP, Vulnerability, Web Application, WebGoat on Jan 10th, 2009
Happiness abandoned Twitter this week as it was revealed that an 18-year-old was able to use an automated password-guesser to break into an account. Twitter allowed for an unlimited number of log-in attempts. The hacker used a simple dictionary attack that revealed at 11:00am Monday the password of “happiness.” Once the hacker [...]