DEV Community

Gyan Chawdhary

An interactive tutorial of the Capital One data breach

Paige Thompson was accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers.

Thompson exploited a Server-Side Request Forgery (SSRF) vulnerability to make the server call the EC2 instance metadata endpoint (http://169.254.169.254/latest/meta-data/), which returned the temporary IAM role credentials (access key, secret key and session token) of the instance. With those credentials she then used the AWS API to list and copy the contents of Capital One's S3 buckets.

The following interactive tutorial reconstructs this incident, which exposed the records of roughly 106 million customers: how the SSRF vulnerability was exploited, and what steps developers can take to mitigate SSRF vulnerabilities.
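As an added example (not code from the original post or from the application.security demo), the following Python contrasts the kind of substring blocklist that leaves the metadata endpoint reachable with an allow-list check that parses the URL, resolves the host and rejects any non-public address. The hostnames and the FAKE_DNS table are constructed so the script runs offline; a real service would resolve with socket.getaddrinfo() and check every address it returns.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed DNS table so the example runs offline. A real deployment would
# call socket.getaddrinfo() and check every address it returns.
FAKE_DNS = {
    "api.partner.example": ["93.184.216.34"],          # hypothetical public upstream
    "metadata.attacker.example": ["169.254.169.254"],  # attacker-controlled name pointing at IMDS
    "localhost": ["127.0.0.1"],
}


def fake_resolve(host):
    """Stand-in resolver: returns the ipaddress objects FAKE_DNS maps host to."""
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


NAIVE_BLOCKLIST = ("169.254.169.254", "127.0.0.1", "localhost")


def naive_allows(url):
    """The kind of check that lets SSRF through: substring-matching a blocklist.
    Any spelling of the same destination that is not in the list is allowed."""
    return not any(bad in url for bad in NAIVE_BLOCKLIST)


def parse_ip_literal(host):
    """Return an ipaddress object if host is an IP literal, including the
    integer forms (decimal 2852039166, hex 0xa9fea9fe) that libc's inet_aton
    accepts and most HTTP clients therefore connect to; None if not a literal."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        n = int(host, 0)  # base 0 parses "2852039166" and "0xa9fea9fe"
    except ValueError:
        return None
    return ipaddress.ip_address(n) if 0 <= n <= 0xFFFFFFFF else None


def is_public(ip):
    """True only for globally routable addresses; IMDS (169.254.0.0/16,
    link-local), loopback, RFC 1918 and the reserved ranges all fail this."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a9fe:a9fe is still 169.254.169.254
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def hardened_allows(url, resolver=fake_resolve):
    """Allow-list style check: only http(s), the host must parse or resolve,
    and every resulting address must be public. Fails closed on anything odd."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):  # no file://, gopher://, dict://
        return False
    host = parts.hostname  # brackets stripped, lowercased by urlparse
    if not host:
        return False
    literal = parse_ip_literal(host)
    addrs = [literal] if literal is not None else resolver(host)
    if not addrs:
        return False  # unresolvable names are rejected, not retried later
    return all(is_public(ip) for ip in addrs)


if __name__ == "__main__":
    samples = [  # constructed inputs; every one but the first targets IMDS or a local file
        "http://api.partner.example/v1/report",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://2852039166/latest/meta-data/",
        "http://0xA9FEA9FE/latest/meta-data/",
        "http://[::ffff:a9fe:a9fe]/latest/meta-data/",
        "http://metadata.attacker.example/latest/meta-data/",
        "file:///etc/passwd",
    ]
    for u in samples:
        print(f"naive={naive_allows(u)!s:5} hardened={hardened_allows(u)!s:5} {u}")
```

Two caveats for production use. First, the address that passes the check must be the address actually connected to (connect to the validated IP and send the intended Host header), otherwise a DNS name can resolve to a public address during the check and to 169.254.169.254 when the client resolves it again. Second, the check belongs alongside, not instead of, AWS-side hardening: IMDSv2 requires a session token obtained with a PUT request and a default hop limit of one, which a plain GET-based SSRF cannot supply, and the instance role should carry only the permissions the workload needs.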

DEMO - https://application.security/free-application-security-training/server-side-request-forgery-in-capital-one
