Solved

Assess if java script has insecure coding issue

Posted on 2016-08-12
1
141 Views
Last Modified: 2016-08-15
Refer to attached text file which has a javascript from our vendor who will be doing
tagging onto our website pages.

Also refer to another article id 28961487 in EE for background:
https://www.experts-exchange.com/questions/28961487/Mitigations-for-tagging-aggregator-sites-to-our-site.html

Q1:
Does the few lines of java script pose security concern other than capturing potential customer's
personal data (this is Ok but not capturing more than that)

Q2:
Does the java script codes violate any OWASP Top 10 secure coding practices?
AggregatorMkg_JavaTag.txt
0
Comment
Question by:sunhux
1 Comment
 
LVL 56

Accepted Solution

by:
Julian Hansen earned 500 total points
ID: 41753775
I don't see any issues with the script. All it does is create a random number which it inserts into the URL that is used in a dynamically created <iframe>. No other information appears to be passed in the src other than the hardcoded variables and the random number.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question