
Common security vulnerabilities in web applications

I’ve just got back from a round of client meetings, introducing myself to a number of web design agencies in Bath. During one of those meetings I was asked to take a look at a prototype site and comment on some JavaScript issues they were having. I noticed the site was running from a bespoke web application, so being a curious sort I decided to quickly see if there were any obvious vulnerabilities in the code.

The long and the short of it is that within 30 seconds I could easily find XSS (Cross Site Scripting) vulnerabilities – and I’m not claiming by any stretch to be a web security expert.

Any website that accepts user-generated content really does need to make sure that it’s validating and filtering incoming data. It’s far too easy for someone with even the most primitive knowledge of “hacking” to play merry hell with your reputation and customers. Redirecting people to other sites, stealing session cookies, deliberately breaking the site layout, and much, much more can be the end result – which really doesn’t look good at all.

So next time someone’s building a web application for you, make sure they aren’t just thinking about SQL Injection vulnerabilities, they’re also thinking about XSS…
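
As an added example (not code from the post or from the site it describes), this is what validating and output-encoding user-generated content looks like for a comment renderer, with the vulnerable version beside the hardened one. The function names, the comment fields and the sample input are assumptions constructed for illustration.

```javascript
// Added example: all names and sample data here are hypothetical.

// The five characters that let text break out of HTML element content
// or out of a quoted attribute value.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Validate a user-supplied link: allow only absolute http(s) URLs.
// Returns the normalised URL, or null if it must not be rendered as a link.
function safeLink(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return null; // relative, malformed or empty input
  }
  return url.protocol === "http:" || url.protocol === "https:" ? url.href : null;
}

// Vulnerable: user content is concatenated straight into the markup.
function renderCommentUnsafe(c) {
  return `<div class="comment"><a href="${c.site}">${c.author}</a><p>${c.body}</p></div>`;
}

// Hardened: validate the URL, then encode every value at the point of output.
function renderComment(c) {
  const href = safeLink(c.site);
  const author = escapeHtml(c.author);
  const name = href
    ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">${author}</a>`
    : author; // rejected link: show the name as plain text
  return `<div class="comment">${name}<p>${escapeHtml(c.body)}</p></div>`;
}

// Constructed sample comment containing markup and a non-http link.
const sample = {
  author: 'Eve "the tester"',
  site: "javascript:alert(1)",
  body: "<script>alert(1)</script> nice post & thanks",
};
```

Encoding at the point of output keeps user content as text rather than markup. Marking session cookies `HttpOnly` limits what script can read if a case is missed.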
