A critical CSRF (cross-site request forgery) vulnerability found in the Glassdoor company review platform affected both job seekers and employers using the site. The vulnerability could be exploited to take over accounts.
The discovery of a CSRF vulnerability in the Glassdoor site is a good reminder that CSRF remains a critical web application risk and has appeared often on the OWASP Top 10 list of web application risks. The fact that CSRF vulnerabilities continue to exist in websites and applications like Glassdoor shows that not enough organizations test and protect their websites and applications against common web application vulnerabilities.
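The server-side defenses that close the CSRF risk described above, as an added example that is not from the article or from Glassdoor: a per-session synchronizer token compared in constant time, an Origin/Referer check on every state-changing request, and a session cookie issued with SameSite, Secure and HttpOnly. The site origin `https://example.test`, the in-memory session dictionary and the request headers and form fields are constructed assumptions for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed placeholder for the application's own origin; a real deployment
# would load this from configuration rather than hard-code it.
ALLOWED_ORIGIN = "https://example.test"

# Methods that must never change state and therefore need no CSRF check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session):
    """Create a per-session synchronizer token and store it in the session.

    The caller embeds the returned token in forms (hidden field) or exposes it
    to same-origin scripts so they can send it back in an X-CSRF-Token header.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers):
    """Accept the request only if Origin (or, failing that, Referer) is our own origin.

    A browser-initiated cross-site form post carries the attacker's Origin, so
    this check alone stops the classic CSRF pattern; the token check below is
    defense in depth for clients that omit both headers.
    """
    origin = headers.get("Origin")
    if origin is not None:
        return origin == ALLOWED_ORIGIN
    referer = headers.get("Referer")
    if referer:
        parsed = urlparse(referer)
        return f"{parsed.scheme}://{parsed.netloc}" == ALLOWED_ORIGIN
    # Neither header present: fail closed for state-changing requests.
    return False


def validate_state_changing_request(method, headers, form, session):
    """Return (ok, reason) for a request; safe methods pass, others need origin + token."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not origin_allowed(headers):
        return False, "origin mismatch"
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token") or headers.get("X-CSRF-Token")
    if not expected or not submitted:
        return False, "missing token"
    # Constant-time comparison so token validity cannot be inferred from timing.
    if not hmac.compare_digest(expected, submitted):
        return False, "token mismatch"
    return True, "ok"


def session_cookie_header(session_id):
    """Build the Set-Cookie value for the session cookie with CSRF-hardening attributes.

    SameSite=Lax keeps the cookie off cross-site POSTs, Secure restricts it to
    HTTPS and HttpOnly keeps it away from script.
    """
    return f"sid={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def demo():
    """Run a constructed cross-site POST and a legitimate same-origin POST through the checks."""
    session = {}
    token = issue_csrf_token(session)
    # Constructed forged request: attacker's page posts to our account-settings endpoint.
    forged = validate_state_changing_request(
        "POST", {"Origin": "https://attacker.invalid"}, {"new_email": "x@attacker.invalid"}, session
    )
    # Constructed legitimate request: our own form, carrying the session's token.
    legit = validate_state_changing_request(
        "POST", {"Origin": ALLOWED_ORIGIN}, {"new_email": "me@example.test", "csrf_token": token}, session
    )
    return forged, legit


if __name__ == "__main__":
    print(demo())
```

The Origin check rejects the forged post before the token is even consulted; a request that spoofs the origin header cannot come from a victim's browser, and one that arrives without the session's token is still refused. Frameworks such as Django or Rails ship the same pattern built in, and the practical takeaway from the Glassdoor case is to verify that it is actually enabled on every state-changing endpoint.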
NIST recently updated its SP 800-53 Security and Privacy Framework to add focus on these issues by including RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing). These types of security solutions more effectively target the risks outlined by the current and past OWASP Top 10 lists.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.