Wednesday, February 9, 2011

Vulnerability in Third-party components


In web application vulnerability scanning, vulnerabilities in third-party components are always missed by scanners because the components reside in off-site domains.

There have been XSS vulnerabilities identified:

Lesson Learnt:

Manual testing and review of third-party components is necessary to detect vulnerabilities. It is not worth leaking security flaws through buggy third-party components.
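One way to build the list of components that need that manual review is to inventory everything a page loads from hosts outside the scan scope. The sketch below is an added example, not part of the original post; the function names, the sample page and all hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull in active or embedded content, and the attribute holding the URL.
COMPONENT_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                   "embed": "src", "object": "data", "link": "href"}


class ComponentCollector(HTMLParser):
    """Collect absolute URLs of components referenced by a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.components = []  # (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = COMPONENT_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolves relative and protocol-relative (//host/...) references.
            self.components.append((tag, urljoin(self.page_url, value.strip())))


def offsite_components(page_url, html, in_scope_hosts):
    """Return {host: [(tag, url), ...]} for components outside the scan scope."""
    scope = {h.lower() for h in in_scope_hosts}
    collector = ComponentCollector(page_url)
    collector.feed(html)
    found = {}
    for tag, url in collector.components:
        host = (urlsplit(url).hostname or "").lower()
        if host and host not in scope:
            found.setdefault(host, []).append((tag, url))
    return found


# Constructed sample page; all hostnames are placeholders.
SAMPLE_URL = "https://shop.example.com/cart/view"
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="//widgets.example.net/share.js"></script>
<link rel="stylesheet" href="https://cdn.example.org/theme.css">
</head><body>
<iframe src="https://ads.example.net/frame.html?slot=1"></iframe>
<object data="../media/player.swf"></object>
</body></html>
"""
```

Calling `offsite_components(SAMPLE_URL, SAMPLE_HTML, ["shop.example.com"])` groups the off-site references by host, which gives the reviewer a per-vendor checklist of what the scanner's scope excluded.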
