Web Application Penetration Testing reposted this
Founder and CEO of Parabellyx Cybersecurity. Security Testing and Continuous Security Assurance. Toronto | Denver
It's exciting to see IBM X-Force prioritizing XSS as one of the top Cloud Security issues this year. Cross Site Scripting is easy to detect externally and easy to fix. It is also a sign of low code security hygiene. The problem with XSS is that where there is one, there are typically more, and unless you are scanning for these at the code level, it is hard to find all of them.
As you may have heard… IBM’s 2024 X-Force Cloud Threat Landscape report is out.

💡 No big surprises as to the findings – everyone is out for your valid credentials, and phishing and business email compromise are there to lend attackers a hand.
❓ What to do?
✅ You know what to do – protect your data, have a good strategy around identity security, strengthen your incident response, prepare and test often.

💡 Interesting analysis done on the potential impact of vulnerabilities - cross-site scripting is getting a special mention as a potentially significant threat and most damaging common vulnerability.
❓ What to do?
✅ If you are an organization – keep an eye out for CVEs and patch often.
✅ If you are a regular user – call your parents/grandparents and tell them not to have a ton of browser tabs open with random websites when dealing with their sensitive accounts (e.g., banking). Maybe even consider using a separate browser for those special times.

🏁 Also:
1️⃣ Download the report here - https://lnkd.in/giC83WPr
2️⃣ Register for the report webinar on Thu, Oct 17, 11am EDT - https://lnkd.in/gMBTihRA
3️⃣ Reach out to Andrei or his colleagues if you’d like to learn more.

Chris Sicard - CISSP / Dhruva Suthar / Christian Couture CISSP / Steve Drennan / Paul Haughey, CISSP, PMP, GICSP, CET / Serge Mélone / George Nastasi / Lise Patton / Daina Proctor / Matthew Schellenberg / Nodin Di Guida / Khaled Hawasli / Adnan Seddighi