
Some websites have ridiculous security flaws.

Thankfully the public is slowly becoming more aware, and many sites are fixing the more obvious ones, like lack of HTTPS, poor password creation guidelines, and plain text password storage.

But there are still a ton of offenders, and many people don't have someone to correct their behavior.

My question is, are there any sites that exist to expose poor security habits? Something like PTO, but for, say, collecting sensitive information over HTTP?

(I'm asking because I recently encountered a small company's website that collected payment info over HTTP, and wrote them a rather long-winded email about the possible dangers of the practice, and about solutions they could implement free of charge, and was completely ignored.)

Edit:

I am not asking when it's okay, I just want to know if there's a place to do it, or somebody I could contact about it (aside from the site's owner).

Academiphile
  • Are you only concerned about (sensitive) data transmission over HTTP or web application vulnerabilities in general? Because your title is generic but your question seems to refer to HTTP only? – Stef Heylen Jul 15 '16 at 14:02
  • @Stef Heylen I'd say web-app vulnerabilities in general, I referred to HTTP a lot because it's a glaring one to me, and one that I've specifically suffered from – Academiphile Jul 15 '16 at 14:07
  • @Philipp I've seen that one before, but I'd like specific sites that would help with the exposure. It also seemed like the asker was referring more to applications than web-apps, though there's definitely some information there that's applicable – Academiphile Jul 15 '16 at 14:11

1 Answer


Here are three ways.

  1. To expose network configuration and related flaws, you can use what is known as a penetration test, or pen test.

  2. To expose application-level flaws, you can use an AppScan.

  3. Automated tests aren't perfect, and aren't very creative (they just run scripts looking for known weaknesses), so if you're really interested in security you can hire a white hat cracker to try and bust into your system and create a report of issues. Sounds like you are already serving in that role, sort of, and there are people who do this sort of thing professionally as well.

John Wu
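As an added example (not part of the original question or answer, and not code from any scanner product): the kind of single check an automated web scanner runs for the exact problem the asker describes, a form that collects card or password data and submits it without TLS. It parses a page's forms, flags the sensitive ones whose submission target is not https://, and also flags sensitive forms on a page that was itself delivered over plain HTTP, since a network attacker can rewrite the form's action before it reaches the browser. The page URL, the HTML and the field-name hints are constructed sample input and assumptions for illustration, not data from a real site.

```python
"""Detect HTML forms that submit sensitive fields over plain HTTP.

Added example, not part of the original post. The HTML and URL below are
constructed sample input; the name/autocomplete hints are an illustrative,
not exhaustive, list of what usually marks password or card fields.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: substrings that commonly appear in sensitive input names.
SENSITIVE_NAME_HINTS = ("pass", "card", "ccnum", "cvv", "cvc", "ssn")
# HTML autocomplete tokens that explicitly declare sensitive data.
SENSITIVE_AUTOCOMPLETE = ("cc-number", "cc-csc", "current-password", "new-password")


class FormCollector(HTMLParser):
    """Collect each <form> with its resolved action URL and its <input> tags."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(inp):
    """True if an <input> looks like it carries a password or card data."""
    if (inp.get("type") or "").lower() == "password":
        return True
    name = (inp.get("name") or inp.get("id") or "").lower()
    if any(hint in name for hint in SENSITIVE_NAME_HINTS):
        return True
    return (inp.get("autocomplete") or "").lower() in SENSITIVE_AUTOCOMPLETE


def find_insecure_forms(html, page_url):
    """Return (action_url, reason) for each sensitive form that lacks TLS end to end."""
    parser = FormCollector(page_url)
    parser.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not any(is_sensitive(i) for i in form["inputs"]):
            continue
        if urlsplit(form["action"]).scheme != "https":
            findings.append((form["action"], "form submits over plain http"))
        elif not page_is_https:
            findings.append((form["action"],
                             "page delivered over plain http; form action can be rewritten in transit"))
    return findings


# Constructed sample: a checkout page served over plain HTTP (not a real site).
SAMPLE_PAGE_URL = "http://shop.example/checkout"
SAMPLE_HTML = """
<html><body>
<form action="/search" method="get"><input name="q"></form>
<form action="/pay" method="post">
  <input name="name"><input name="cardnumber" autocomplete="cc-number">
  <input name="cvv">
</form>
<form action="https://auth.example/login" method="post">
  <input name="user"><input type="password" name="pw">
</form>
</body></html>
"""

if __name__ == "__main__":
    for action, reason in find_insecure_forms(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{action}: {reason}")
```

The search form is ignored because none of its fields look sensitive; the payment form is flagged because its action resolves to http://, and the login form is flagged even though it posts to https:// because the page carrying it came over plain HTTP. Running the same function on a page fetched over https:// whose forms also post to https:// returns an empty list, which is the state the asker wanted the site owner to reach.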