During the interview process for my current role of Developer Advocate for API security I was asked to do an informal presentation about HTTPS, and to be sure I would get the role I went deep the rabbit hole and took as many notes as I could in this repo, that I am now making available as a blog post. This is not an exhaustive list of everything I know about HTTPS, but its my intention to keep updating it with more information as my free time allows.
Prestashop Module Send to a Friend allows Spammers to abuse the feature for sending emails to a friend
How I have discovered the security flaws in Prestashop Module - Send to a Friend One customer reported that the in-box for isPrestashop store email was containing hundreds of bounced emails, with spam, so I requested him to forward one of that emails to me. Just by open it, was obvious that the email was originated from is store, by the native Send to a Friend module. This module is installed, by default, on the original Prestashop theme and in many other third part themes.
Responsible Disclosure Recently I made a Responsible Disclosure for 2 security vulnerabilities in Prestashop Module Send to a Friend and provided also the fixes for them in a Github Pull Request. This was done in coordination with Prestashop Core Team to ensure the issue was not public until Prestashop owners of Online Stores have the time to update the module and also to guarantee that the code for the fixes was according to their rules.