Image Download


A vulnerability was discovered in an image server that allowed the download of users’ images from live servers. This was created by the dev team to help debug problems in production and factories. The key questions are:

  • Who is using this today?
  • Who knows about this?
  • Has this vulnerability been exploited?

Bonus points for providing ‘GDPR implications’ mapping of this vulnerability/incident

Objective: Understand and contain issue(s) without any pushes to production

  • You can use any technology you want (ideally ones you have experience with) and any Group Security team size
  • Describe what you would do and how you would act (ideally in diagram format)
  • Who would you talk to?
  • What actions would you take to contain and remediate the issue(s)?

Resources and Technologies available:

  • Techops, Webops, and Dev teams
  • Slack, Jira, Confluence, ELK, Grafana, Nagios, Akamai, AWS, Cisco Firewalls

Back to all challenges

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Contact

Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street
London
SE1 0HS
England