Security Expert Re: Critical Glassdoor Vulnerability Impacts Both Job Seekers And Employers

A critical CSRF vulnerability found on the Glassdoor company review platform impacted both job seekers and employers on the web domain. The vulnerability could be exploited to take over accounts.


1 Expert Comment
Jayant Shukla, CTO and co-founder
InfoSec Expert
December 14, 2020 4:23 pm

The discovery of a CSRF vulnerability in the Glassdoor site is a good reminder that CSRF remains a critical web application risk, and has appeared often on the OWASP Top 10 web application risks list. The fact that CSRF vulnerabilities continue to exist in web sites and applications like Glassdoor shows that not enough organizations test and protect their websites and applications against common web application vulnerabilities.

NIST recently updated their SP800-53 Security and Privacy Framework to add focus on these issues by including RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing). These types of security solutions more effectively target the risks outlined by the current and past OWASP Top 10 lists.
