Fortify Says Cross-Site Scripting Issue Needs to Be Tackled

Security Industry Has Had a Track Record of Playing Down Cross-Site Scripting Flaws

(17.06.08) - Fortify Software, the application vulnerability specialist, says that the issue of cross-site scripting flaws needs to be tackled by the Internet and IT security industry in particular, before it gets out of hand.

"A report out this week from security watchdog XSSed has identified no less than 30 cross-site scripting flaws across the sites of McAfee, Symantec and Verisign. The flaws are notable, as they can be used to engineer frauds and/or malware infections on site visitor's PCs," said Rob Rachwald, Fortify's director of product marketing.

"They are also notable because they have been discovered on IT security vendor's sites, so there's a strong chance that similar flaws exist on many other company's portals," he added.

According to Rachwald, the security industry has had a track record of playing down cross-site scripting flaws, but XSSed's report indicates that the problem needs addressing, and addressing quickly.

"Failure to address this problem in a timely manner could see a recurrence of major site hacks using XSS flaws seen on the likes of MySpace and Paypal," he said.

For more on the XSSed report on cross-site scripting flaws: http://tinyurl.com/4wpab2

(Fortify: ra)