Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Urge Action Against XSS Vulnerabilities

September 18, 2024
Reading Time: 2 mins read
in Alerts

CISA and FBI have issued a Secure by Design Alert to raise awareness about cross-site scripting (XSS) vulnerabilities that continue to be exploited by cyber actors. These vulnerabilities occur when software fails to properly validate or sanitize user inputs, allowing attackers to inject malicious scripts into web applications. Although some developers attempt to mitigate these risks with input sanitization, CISA and FBI emphasize that this approach alone is not sufficient. XSS vulnerabilities can be prevented through a secure by design approach, which requires a comprehensive strategy to eliminate them at the source during the product development cycle.

The alert urges senior executives and business leaders in technology companies to take responsibility for the security of their products by implementing proactive measures to prevent XSS vulnerabilities. These measures include reviewing threat models, ensuring proper input validation, using modern web frameworks that escape potentially harmful inputs, and conducting code reviews and adversarial testing. By adopting these best practices, companies can address vulnerabilities early in development, reducing the likelihood of exploitation and improving the overall security of their products.

In addition to technical measures, CISA and FBI outline three key principles for manufacturers to follow in creating secure software. The first principle, “Take Ownership of Customer Security Outcomes,” emphasizes the need for manufacturers to prioritize security and implement safeguards that prevent vulnerabilities like XSS. The second principle, “Embrace Radical Transparency and Accountability,” encourages manufacturers to track and disclose vulnerabilities through the CVE program, ensuring transparency with customers. The third principle, “Build Organizational Structure and Leadership,” stresses the importance of creating an organizational culture that prioritizes proactive security measures and accountability at all levels of development.

Finally, CISA and FBI encourage technology manufacturers to adopt the Secure by Design Pledge, which outlines specific goals for eliminating systemic vulnerabilities and securing products from the start. This initiative aims to shift the industry towards building secure products as a standard practice, rather than relying on reactive measures such as patching vulnerabilities after they are discovered. By committing to the Secure by Design principles and following the recommended practices, manufacturers can enhance their product security and contribute to a safer digital environment for all users.

 

Reference:

  • Secure by Design Alert: Eliminating Cross-Site Scripting Vulnerabilities

Tags: CISAcross site scripting (XSS)Cyber AlertsCyber Alerts 2024Cyber threatsFBISecureSecure by DesignSeptember 2024
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial