Recently, we discovered a cross-site scripting vulnerability during a penetration test, which was only made possible using a third-party plugin. What was surprising: the vulnerability seemed to occur only when the website used a specific language. As a result, we took a closer look.
When testing web applications for security flaws, the applications’ handling of different HTTP request methods – also known as verbs – should be considered.Usually, interactions between clients and servers utilize the HTTP methods GET or POST for accessing resources.
From a high level, cross site scripting (short: XSS) can be described as the embedding of foreign code into a trusted context for execution.
In Germany, special regulations apply to operators of critical infrastructures under the Federal Office for Information Security / Bundesamt für Sicherheit in der Informationstechnik (BSI) Act. But who counts as an operator and when are infrastructures classified as critical?
At the beginning of April 2021, information was published that personal data of more than 500 million Facebook users had surfaced in a hacking forum.
Rabinstraße 1
53111 Bonn
Phone: +49 228 50431650
info@e2security.de
