|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (alerts
infosecnews.org)
Date: Tue May 04 2010 - 00:44:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224700547
By Tim Wilson
DarkReading
May 03, 2010
You would think that of all people, the developers of the UK's
Cybersecurity Challenge website would be the most scrupulous about
finding security vulnerabilities before they happen. But according to
researchers, cross-site scripting (XSS) flaws happen to them, too.
According to a report on the Netcraft security site, an XSS
vulnerability already has been uncovered on the Cyber Security Challenge
UK website, before the site has even been made ready for candidates to
register.
The Cybersecurity Challenge was established by a management consortium
of key figures in cyber security, and is designed to test the mettle of
security professionals.
The simple coding error was demonstrated a short while ago by James
Wheare, according to the report. Wheare told Netcraft that he was
prompted to look for the hole after reading a friend's tweet, and
noticed insufficient encoding in the page's tags.
[...]
_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]