Check the software now: CISA and FBI take up the fight against XSS

The agencies' proposal is designed to improve the security of new software releases.

CISA and the FBI have called on technology companies to review their software so that XSS vulnerabilities do not appear in future releases. Cross-site scripting vulnerabilities remain a problem for many modern products, even though they can be avoided entirely when proper secure development practices are followed.

The agencies emphasized that XSS vulnerabilities give attackers additional ways to attack, including injecting malicious scripts into web applications. This can lead to data manipulation, theft, or misuse in a variety of contexts. Such vulnerabilities arise from errors in the validation, sanitization, and escaping of input data.

Representatives of CISA and the FBI recommended that technology executives conduct formal software reviews in order to implement secure development principles that eliminate XSS vulnerabilities entirely. In the joint alert, the agencies also noted that input sanitization alone is not enough to prevent these threats: additional measures are needed, such as validating the structure and content of input data and using modern web frameworks with built-in escaping and output-encoding features.
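The distinction the alert draws, shown as an added example (not code from the CISA/FBI alert or any named product): a "cleansing only" renderer that strips script tags beside a hardened renderer that validates input structure and then encodes for the HTML output context. The inputs and function names are constructed for the demonstration.

```javascript
// Added example, not code from the CISA/FBI alert. It contrasts the "cleansing
// only" approach the alert calls insufficient with output encoding for the
// HTML context plus structural input validation. Sample inputs are constructed.

// Naive cleansing: delete <script> elements. It misses every other way to run
// script (event handler attributes, other tags), so it is shown only as the
// inadequate control the alert warns about.
function naiveStripScript(s) {
  return String(s).replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, "");
}

// Output encoding for the HTML text context. Every character that can start
// markup in this context is replaced by an entity, so the input stays data.
function encodeForHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the comment is concatenated into HTML after cleansing only.
function renderCommentVulnerable(comment) {
  return '<p class="comment">' + naiveStripScript(comment) + "</p>";
}

// Hardened rendering: validate the structure of the input (type, length), then
// encode for the exact output context. A modern template engine does the
// encoding step automatically; this shows what that step must do.
function renderCommentHardened(comment) {
  if (typeof comment !== "string" || comment.length === 0 || comment.length > 500) {
    throw new Error("comment rejected by structural validation");
  }
  return '<p class="comment">' + encodeForHtml(comment) + "</p>";
}

// True if the rendered fragment still contains an element the user supplied
// (a quick check for this demo, not a production scanner).
function userMarkupSurvives(rendered) {
  const body = rendered.slice('<p class="comment">'.length, -"</p>".length);
  return /<[a-z]/i.test(body);
}

// Constructed untrusted input: it has no <script> tag, so naive cleansing
// passes it through unchanged, while encoding neutralizes it.
const UNTRUSTED_COMMENT = 'Nice post! <img src="x" onerror="alert(1)">';
```

Running `userMarkupSurvives` on both renderers' output for `UNTRUSTED_COMMENT` shows the stripped version still carries a live element while the encoded version carries only text.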

To improve code security, CISA and FBI experts advise conducting thorough audits and testing throughout the development lifecycle. Such measures will help keep vulnerabilities out of future software releases. According to MITRE, XSS ranks second among the most dangerous software weaknesses, behind only out-of-bounds vulnerabilities.
