Solved

Assess if JavaScript has an insecure coding issue

Posted on 2016-08-12
Last Modified: 2016-08-15
Refer to the attached text file, which has a JavaScript from our vendor, who will be doing
tagging onto our website pages.

Also refer to another article id 28961487 in EE for background:
https://www.experts-exchange.com/questions/28961487/Mitigations-for-tagging-aggregator-sites-to-our-site.html

Q1:
Do the few lines of JavaScript pose a security concern other than capturing potential customers'
personal data (this is OK, but not capturing more than that)?

Q2:
Does the JavaScript code violate any OWASP Top 10 secure coding practices?
AggregatorMkg_JavaTag.txt
Question by:sunhux
1 Comment
 
Accepted Solution

by:
Julian Hansen earned 500 total points
ID: 41753775
I don't see any issues with the script. All it does is create a random number which it inserts into the URL that is used in a dynamically created <iframe>. No other information appears to be passed in the src other than the hardcoded variables and the random number.
0
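The property the accepted answer relies on (the iframe src carries only the hardcoded variables and one random number) can be checked mechanically. The following is an added example, not part of the original answer and not the vendor's script, which is not reproduced on this page; the origin `tags.vendor.example` and the parameter names `acct`, `type` and `ord` are assumptions made up for the example.

```javascript
// Added example. The origin and parameter names are assumptions, not the vendor's values.
const POLICY = {
  origin: "https://tags.vendor.example",                          // assumed vendor origin
  fixedParams: new Map([["acct", "12345"], ["type", "landing"]]), // assumed hardcoded variables
  randomParam: "ord",                                             // assumed cache-buster name
};

// Constructed sample URLs of the kind such a tag would place in iframe.src.
const GOOD = "https://tags.vendor.example/activity?acct=12345&type=landing&ord=4837261950123";
const LEAKY = GOOD + "&email=a%40customer.example";

// Returns a list of findings; an empty list means the src matches the policy.
function auditTagSrc(src, policy = POLICY) {
  let url;
  try {
    url = new URL(src);
  } catch {
    return ["src is not an absolute URL"];
  }
  const findings = [];
  if (url.origin !== policy.origin) findings.push(`unexpected origin ${url.origin}`);
  // The fragment is not sent to the server, but the framed page can read it.
  if (url.hash) findings.push("fragment present");
  const seen = new Set();
  for (const [name, value] of url.searchParams) {
    if (seen.has(name)) findings.push(`duplicate parameter ${name}`);
    seen.add(name);
    if (name === policy.randomParam) {
      // A random number only: digits with an optional decimal part.
      if (!/^\d{1,20}(\.\d{1,20})?$/.test(value)) findings.push(`${name} is not a plain number`);
    } else if (policy.fixedParams.has(name)) {
      if (value !== policy.fixedParams.get(name)) findings.push(`${name} differs from hardcoded value`);
    } else {
      findings.push(`unexpected parameter ${name}`);
    }
  }
  return findings;
}

console.log(auditTagSrc(GOOD));
console.log(auditTagSrc(LEAKY));
```

In a browser, the same function can be run over `iframe.src` for each element returned by `document.querySelectorAll("iframe")` once the tag has loaded.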