XSS and fixes
Posted June 21, 2011
We got a report from a guy who lives in Tokyo on a page of ours that is vulnerable to XSS attacks. Seems he sent multiple emails to different companies on the topic. It is a sure way of securing interviews. I hope he ran a program to find the holes, instead of finding them by hand 🙂
Anyway, despite my two years in a security infrastructure team, I actually got more education on XSS this time — it is a very common security flaw and was taken advantage of fairly early in the history of my ex-employer. So the issue was fixed well ahead of my time and I never really paid any attention to how they solved it.