Information Security News mailing list archives

XSS Vulnerabilities Happen To Everybody


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 May 2010 00:44:50 -0500 (CDT)

http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224700547

By Tim Wilson
DarkReading
May 03, 2010 

You would think that of all people, the developers of the UK's 
Cybersecurity Challenge website would be the most scrupulous about 
finding security vulnerabilities before they happen. But according to 
researchers, cross-site scripting (XSS) flaws happen to them, too.

According to a report on the Netcraft security site, an XSS 
vulnerability already has been uncovered on the Cyber Security Challenge 
UK website, before the site has even been made ready for candidates to 
register.

The Cybersecurity Challenge was established by a management consortium 
of key figures in cyber security, and is designed to test the mettle of 
security professionals.

The simple coding error was demonstrated a short while ago by James 
Wheare, according to the report. Wheare told Netcraft that he was 
prompted to look for the hole after reading a friend's tweet, and 
noticed insufficient encoding in the page's tags.

[...]

