Honeywell WebSite Open to XSS and More
Shadab Siddiqui a security researcher have just revealed several critical vulnerability at honeywell.com , redhat.com, pinterest.com, alshaya.com websites, cross site scripting vulnerability allows attacker to inject an iframe in the website to run a malicious script on visitors computers. Also it is possible to conduct a click jacking attack where a hacker can use a malicious script to urge user when clicking on any link to execute a malicious command.
Some snapshot for vulnerable URL’s were posted while having XSS vulnerability on a website will decrease client trust and makes customers at risk. As for Honeywell it should be one of the most secured website that uses all necessary security measures like web application firewalls and other requirement but this prove that even most secured website can be breached at any time.
If you are a web owner try to not rely totally on security perimeters like IPS/IDS and WAF’s make sure that you have all required updates and security patches, constantly monitor all your logs with a centralized solution to detect the intrusion at an early stage, also you can check your website with COREvidence one of the best vulnerability scanner that include all what you need to identify any bug before hackers do.
With COREvidence you can run the free scan to check your facilities against latest attacks, no need to update, no need to configure anything, XSS, SQL Injection or any other unknown vulnerability will be detected. Here you can run a black box scan behind all security measures and a white box scan directly on the webserver.
You can read a previous review for this solid solution.