Manga scanlation giant MangaDex has been temporarily shut down after suffering a cyberattack and having its source code stolen. MangaDex is one of the largest manga scanlation (scanned translations) sites where visitors can read manga comics online for free. According to SimilarWeb, MangaDex is the 179th most frequently visited site on the web, with over 76 million visitors per month.
<p>In this recent announcement about a vulnerability at MangaDex, a combination of problems led to the loss of data: the company disclosed that session tokens could be reused, a significant application vulnerability, and the threat actor also reported that other RCE vulnerabilities existed in the site (not verified).</p>
<p>If that’s indeed the case, then the site is lacking protection against the types of well-known vulnerabilities outlined by the OWASP Top 10 Web Application Security Risks. These vulnerabilities are also addressed by the recent addition of RASP (Runtime Application Self-Protection) to the catalog of tools required by the NIST SP800-53 Security and Privacy Framework updated in September of 2020.</p>
<p>Runtime security for web applications is quickly becoming a must-have, rather than a nice-to-have, with the increase in attacks and data breaches that continue to occur.</p>