Expert Comments

Security Expert Reaction On Ticktok Patches Reflected XSS Bug That Could Have Been Chained To Hijack Accounts

Expert(s): ISBuzz Staff
Expert(s): ISBuzz Staff

TikTok patched a reflected XSS security flaw and a high severity bug that were identified in August and that could have led to potential account takeover, impacting the firm’s web domain. 

Experts Comments

November 24, 2020
Jayant Shukla
CTO and Co-Founder
K2 Cyber Security
The two vulnerabilities discovered in the TikTok website, Reflected XSS and CSRF are two commonly known web application risks that are part of the long standing OWASP Top 10 web application security risks. Reflected XSS is part of the Cross Site Scripting (XSS) category of risks and CSRF is part of the Injection category. The fact that these types of vulnerabilities continue to exist in web sites and applications like TikTok shows that not enough organizations test and protect their websites.....Read More
The two vulnerabilities discovered in the TikTok website, Reflected XSS and CSRF are two commonly known web application risks that are part of the long standing OWASP Top 10 web application security risks. Reflected XSS is part of the Cross Site Scripting (XSS) category of risks and CSRF is part of the Injection category. The fact that these types of vulnerabilities continue to exist in web sites and applications like TikTok shows that not enough organizations test and protect their websites and applications against the OWASP Top 10. NIST recently updated their SP800-53 Security and Privacy Framework to add focus on these issues by including the requirement for RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing). These types of security solutions specifically target the risks outlined by the OWASP Top 10.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Report Says Russian Hackers Haven’t Eased Spying Efforts, Expert Weighs...

BitMart Attack – Combatting Cyber Criminals’ Crypto Appetite

Expert Comments: Spar Stores Hit By Major Cyberattack

Expert Comment: Ceeloader Malware

Planned Parenthood LA breached, Experts Weigh In

Data Security Comment: Colorado Energy Company Loses 25 Years Of...

Colorado Energy Company DMEA Loses 25 Years Of Data After...

Governemnt Data Breach Of New Years Honours Recipients

New Malvertising Campaign Spreads Backdoors, Malicious Chrome Extensions

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts