Tuesday, 19 January 2016
Why Do So Few Use Security Headers?
In recent months I've become increasingly perplexed as to why so few websites are employing security headers. They are not a panacea, but the security benefits from their use are so large, and the effort required to employ them so small, that I can't see why they are not on the majority of sites that have data input fields.
One very recent blog entry by Paul Moore brought this into stark relief when he reported on a cross-site scripting problem on ASDA's website. The issue demonstrated in his video shows just how easily a failure to conduct field validation can be exploited, in this case with a particularly troubling persistent XSS: