Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Assess if java script has insecure coding issue

Posted on 2016-08-12
1
Medium Priority
?
196 Views
Last Modified: 2016-08-15
Refer to attached text file which has a javascript from our vendor who will be doing
tagging onto our website pages.

Also refer to another article id 28961487 in EE for background:
https://www.experts-exchange.com/questions/28961487/Mitigations-for-tagging-aggregator-sites-to-our-site.html

Q1:
Does the few lines of java script pose security concern other than capturing potential customer's
personal data (this is Ok but not capturing more than that)

Q2:
Does the java script codes violate any OWASP Top 10 secure coding practices?
AggregatorMkg_JavaTag.txt
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 59

Accepted Solution

by:
Julian Hansen earned 2000 total points
ID: 41753775
I don't see any issues with the script. All it does is create a random number which it inserts into the URL that is used in a dynamically created <iframe>. No other information appears to be passed in the src other than the hardcoded variables and the random number.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question