MoD flaw down to XSS vulnerabilities, say experts

2009-08-13

By Editor, CIR

Cross site scripting (XSS) is responsible for vulnerabilities on the Ministry of Defence's website, according to experts. Richard Kirk, director of software firm Fortify, said, "XSS vulnerabilities are often found in web applications which allow code injection by malicious Internet users into the pages viewed by other users. Examples of these flaws include client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy," he said.

"Research by Symantec in 2007 revealed that around 80 per cent of documented site vulnerabities were down to XSS security problems," he added.

According to Kirk, in many cases of an XSS-driven infection, the infected user is usually unaware his/her computer has been compromised, and is leaking information

This, is he explained, what makes XSS flaws so insidious, as -- in common with other similar security problems -- the flaw on the MoD website could have re-routed users to a second, infected portal.

Home More News

CIR Services Guide 2010 coming soon!

MAXIMUM EXPOSURE TO A TARGETED AUDIENCE

To feature both online and in print ACT NOW!

> Search
> Digital

> Update > Advertise

Most Read Stories

SunGard to launch new risk assessment software

SMEs face raft of legal changes

Alarm launches risk modelling tool for public sector

Energy bill set to increase dramatically for UK businesses

Police apply anti-terror measures to cybercrime

Major companies 'change risk management strategy'

Crawford makes senior management changes

FSA welcome for conflict of interest guidelines