Security Expert Reaction On Ticktok Patches Reflected XSS Bug That Could Have Been Chained To Hijack Accounts

By   ISBuzz Team
Writer , Information Security Buzz | Nov 24, 2020 02:44 am PST

TikTok patched a reflected XSS security flaw and a high severity bug that were identified in August and that could have led to potential account takeover, impacting the firm’s web domain. 

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jayant Shukla
Jayant Shukla , CTO and Co-Founder
November 24, 2020 10:47 am

The two vulnerabilities discovered in the TikTok website, Reflected XSS and CSRF are two commonly known web application risks that are part of the long standing OWASP Top 10 web application security risks. Reflected XSS is part of the Cross Site Scripting (XSS) category of risks and CSRF is part of the Injection category. The fact that these types of vulnerabilities continue to exist in web sites and applications like TikTok shows that not enough organizations test and protect their websites and applications against the OWASP Top 10.

NIST recently updated their SP800-53 Security and Privacy Framework to add focus on these issues by including the requirement for RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing). These types of security solutions specifically target the risks outlined by the OWASP Top 10.

Last edited 3 years ago by Jayant Shukla

Recent Posts

Would love your thoughts, please comment.x