Four XSS vulnerabilities have today been reported on popular and trusted travel website TripAdvisor. The vulnerabilities allow hackers to modify page content and carry out more complicated attacks such as stealing user credentials and posting false reviews: https://www.xssposed[dot]org/incidents/52800/
Additionally, an XSS vulnerability was found yesterday on Uber, a service that lets you book a taxi, private car or rideshare directly from an app on your mobile phone. Uber had just announced a pre-IPO financing round at a $50bn valuation, but its XSS vulnerabilities put visitors at risk of being compromised via theft of cookies, personal details, authentication credentials and browser history: https://www.xssposed[dot]org/incidents/52799/
Security vulnerabilities like these are a major threat because they offer hackers an easy front door to take advantage of. Websites certified as secure are often more vulnerable to hacking, and in its most recent blog post, information security expert High-Tech Bridge explains why XSS flaws like Uber’s and TripAdvisor’s are so dangerous, yet so commonplace: https://www.htbridge[dot]com/blog/xss_the_easiest_way_to_hack_your_website_in_2014.html
So how do companies with an online presence find these XSS vulnerabilities before hackers do? Well, according to Ars Technica, not through automated scanners alone: http://arstechnica[dot]com/security/2014/12/sites-certified-as-secure-often-morevulnerable-to-hacking-scientists-find/
The way to protect your online business is through on-demand ethical hacking services such as ImmuniWeb, which combine automated scanning with manual penetration testing by security experts to prevent security problems before they occur. Basically, people are the missing link. With ImmuniWeb, a team of auditors assigned to the website security assessment performs manual testing for vulnerabilities in parallel with the automated security scanner, while also monitoring the scanner to confirm nothing is missed.