RKG Logo 434-978-4300
Alan Rimm-Kaufman

Is Your Online Store Vulnerable To CSRF and XSS Attacks?

Title: Is Your Online Store Vulnerable To CSRF and XSS Attacks?
URL: http://www.rimmkaufman.com/rkgblog/2008/11/07/csrf-and-xss/
Printed: January 6, 2009
Source: The Rimm-Kaufman Group Blog, info@rimmkaufman.com

Ing Direct. New York Times. YouTube. Digg. Google.

These (and many other well-engineered sites) have been compromised by XSS and CSRF attacks in the last 18 months.

Here’s an excellent technical powerpoint discussing these newer categories of security threats.

Web Security Horror Stories
View SlideShare presentation or Upload your own. (tags: webapps xss)

Whether you are running home-brew code or using a third party platform, your site faces these dangers.

Marketing folks, check with your technical teams to ensure your site is doing all it can to avoid these vulnerabilities.

If you like this post, consider subscribing to our RSS feed. You can also have new posts sent to you via email.


Possibly Similar Posts

Trackback

http://www.rimmkaufman.com/rkgblog/2008/11/07/csrf-and-xss/trackback/

No Comments Yet

Your comment will be first!

Your Comment

Tags

RKG Tags: ,

Technorati Tags: ,

Email Updates

Categories

Recent Comments

  • George Michie: Happy New Year, John. Market Motive is a good place to start. Keep a close eye on other good blogs: ours, SearchEngineLand, ClickZ....
  • john: Hi George and Happy New Year. I work for large Company who created a new SBU of New Media Specialists, basically resellers of Google And...
  • George Michie: Shelley, I hear you! We had a candidate who listed HTML as a proficiency on her resume. When pressed for specifics she said:...
  • Erin: Actually, I am always wondering this about myself. I surprise myself by what I know, but I don’t feel super confident about my...
  • Shelley Ellis: I like the sports analogy. My husband was a baseball coach for years and I still get tickled thinking about the time a mom told him...
  • AJ @ Web Domains, UK: I think the problem is spamming scripts are being written that target prominent blogging/comments systems such as Movable...
  • Debra Askanase: Hi Alan, Thanks for the quick overview. Just want to point out that the Wufoo outgoing link actually connects to Survey Monkey....
  • George: Vijay, that’s the best idea I’ve heard in months! Rick, your point is well-taken. It’s really noisy, and for many retail...
  • Alan: You can use this toy model in any channel where you can sales definitively tie sales back to an advertisement or promotion using a tracking...
  • Patrick: Nice model. What I’m wondering however is what type of net sales you should include. I believe these should be the sales resulting...
  • Vijay R: With mobile phones being ubiquitous, why not use them as a channel to measure effect of online on offline sales? For instance, offer a...
  • George: Not all of our clients do think this way. Many do, but others are more concerned about share of voice, and the trappings of a good program....
  • Jim Novo: George, I have to ask the same question I asked Alan on his “melons” post - how do we get people to care about profits? Every...
  • Rick Galan: Even doing specific geo-targeted tests really don’t get us all of the way there though. There is so much fluctuation in consumer...
  • Andrew: $800 billion is perhaps “only” 5% of GDP, but it exceeds all of the federal government’s other (individual) outlays....

Blog Stats

  • Posts: 802
  • Words: 356,638
  • Comments: 1,584

Administration