[ OWASP - Montréal ] XSFR/CSFR testing difficulty level
Philippe Gamache
philippe at gamache.com
Mon Dec 1 23:47:17 EST 2008
Benoit Guerette wrote:
> How do you flag this on a pen test report? It is a vulnerability,
> resulting in a denial of service, but with low impact.
>
> Any cross-site scripting vulnerability means PCI-DSS failed on a
> report, so for PCI it failed.
>
> But for other pen tests, do you mark it as low, and the business will
> decide whether they fix it or not?
>
There is a way to block any connection using this... Example: display an
image from another site. This site will just have to rewrite the
response with a 401 error, redirecting to your login...
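The server-side check Philippe's reply describes, as an added example that is not part of the original thread: the site serving the image looks at the requesting page's Origin or Referer and rewrites cross-site requests into a 401 pointing at the login page. The hostnames, login URL and image bytes are constructed for the example; requests that carry no usable Origin or Referer are the ambiguous case, handled by a parameter.

```python
from urllib.parse import urlsplit

# Constructed values for the example: the site that serves the images and its login page.
SITE_HOST = "example.com"
LOGIN_URL = "https://example.com/login"


def requesting_host(headers):
    """Hostname of the page that triggered the request, taken from Origin,
    then Referer. Returns None when neither gives a usable host (header
    absent, stripped by the browser, or the literal 'null' origin)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        host = urlsplit(lowered.get(name, "")).hostname
        if host:
            return host.lower()
    return None


def is_cross_site(headers, site_host=SITE_HOST):
    """True when the request comes from another site, False when it comes
    from site_host or one of its subdomains, None when it cannot be told."""
    host = requesting_host(headers)
    if host is None:
        return None
    return host != site_host and not host.endswith("." + site_host)


def respond(headers, image_bytes, allow_unknown=False):
    """Serve the image only to same-site pages; rewrite cross-site requests
    into a 401 that points at the login page, as the reply describes.
    allow_unknown decides requests with no usable Origin/Referer."""
    cross = is_cross_site(headers)
    if cross is False or (cross is None and allow_unknown):
        return 200, {"Content-Type": "image/png"}, image_bytes
    # Browsers do not follow a Location header on a 401 the way they do on
    # a 302, so the login link is also placed in the body.
    body = f'<a href="{LOGIN_URL}">Please log in</a>'.encode()
    return 401, {"Content-Type": "text/html", "Location": LOGIN_URL}, body


if __name__ == "__main__":
    png = b"\x89PNG constructed placeholder"  # constructed sample image bytes
    print(respond({"Referer": "https://example.com/gallery"}, png)[0])   # 200
    print(respond({"Referer": "https://other-site.test/page"}, png)[0])  # 401
    print(respond({}, png)[0])                                            # 401
    print(respond({}, png, allow_unknown=True)[0])                       # 200
```

Failing closed on a missing header (the default above) also blocks users who open the image URL directly or whose browser strips Referer, so the choice is a policy trade-off rather than a pure security setting.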