Vulnerability in Third-party components
Analysis:
In web app vulnerability scanning, vulnerabilities in third-party components are always missed by scanners, as the components reside on off-site domains.
There have been XSS vulnerabilities identified:
http://jeremiahgrossman.blogspot.com/2010/06/full-disclosure-our-turn.html
http://yehg.net/lab/pr0js/advisories/sites/adbard.net/%5Badbard.net%5D_xss?1297312908
Lesson Learnt:
Manual testing and review of third-party components are necessary to detect vulnerabilities. It is not worth leaking security flaws through buggy third-party components.
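A starting point for that manual review is an inventory of what a page loads from off-site hosts. The following is an added example, not code from the original post; the sample page, its hostnames and the function names are constructed, and it assumes any hostname other than the page's own counts as off-site.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that loads active or embedded content.
SOURCES = {"script": "src", "iframe": "src", "embed": "src", "object": "data", "link": "href"}

class ThirdPartyInventory(HTMLParser):
    """Collect components a page loads from hosts other than its own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlsplit(page_url).hostname  # assumption: exact host match
        self.findings = []  # (tag, absolute_url, host, has_integrity_attr)

    def handle_starttag(self, tag, attrs):
        attr = SOURCES.get(tag)
        attrs = dict(attrs)
        ref = attrs.get(attr) if attr else None
        if not ref:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheets, not icons or prefetch hints
        url = urljoin(self.page_url, ref)  # resolves relative and //host/ forms
        host = urlsplit(url).hostname
        if host and host != self.site_host:
            self.findings.append((tag, url, host, bool(attrs.get("integrity"))))

def inventory(page_url, html):
    parser = ThirdPartyInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

def hosts_for_manual_review(findings):
    """Off-site hosts serving at least one component without an integrity attribute."""
    return sorted({host for _, _, host, pinned in findings if not pinned})

# Constructed sample page; every hostname is a placeholder.
SAMPLE_URL = "https://www.example.com/index.html"
SAMPLE_HTML = """<head><script src="/js/app.js"></script>
<script src="//ads.example.net/serve.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="sha384-PLACEHOLDER"></script>
<link rel="stylesheet" href="https://cdn.example.org/theme.css">
<link rel="icon" href="https://cdn.example.org/favicon.ico"></head>
<body><iframe src="https://widgets.example.net/badge"></iframe></body>"""

if __name__ == "__main__":
    for tag, url, host, pinned in inventory(SAMPLE_URL, SAMPLE_HTML):
        print(f"{host:22} <{tag}> {url} integrity={'yes' if pinned else 'no'}")
```

Each host it lists is code or markup running in the site's pages that a scanner scoped to the site's own domain never requests.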