The Cybersecurity and Infrastructure Security Agency and the FBI have released a Secure by Design Alert concerning cross-site scripting vulnerabilities, or XSS.
CISA said Tuesday that XSS vulnerabilities can be prevented and ought not to be present in software products, yet they continue to appear, providing threat actors with exploit opportunities.
According to the alert, XSS vulnerabilities arise when a software maker fails to properly escape, validate or sanitize inputs, making it possible for threat actors to inject malicious scripts into web applications.
The alert calls on leaders at technology manufacturers to instruct personnel to conduct a review of such deficiencies and develop a strategic plan to prevent them moving forward.
The alert also recommends that technology manufacturers review the principles of secure by design software as outlined in previous guidance.