Monday, July 15, 2013

Monark Modi (Myself) on The Times Of India

Student detects vulnerability in Indian Certificate of Secondary Education website

TNN Jun 17,

AHMEDABAD: A class XI student from Rajkot has reported a cross-site scripting (XSS) vulnerability to the Indian Certificate of Secondary Education (ICSE) website. Monark Modi, the young web security enthusiast, told TOI that he was checking the central board results for class X earlier this month. "At that time, I came across a glitch that I could exploit with a simple authentication bypass technique. Once I entered the dashboard, I could see pages containing the results of 13,000 students. I was shocked as with the proper knowledge, it could have been manipulated by someone," he said.

According to a report by an online security major, cross-site scripting was found to be a reason for security vulnerability in 84% of cases. Experts say that better coding and monitoring cookies and scripts active at the time of functioning can reduce the risk. Modi said that he has so far reported XSS-related glitches to more than 12 sites of various industries. "More often than not, the company officials invest in designs and features and ignore the security aspect. In major websites where hundreds or thousands visit every day, it can lead to instances ranging from identity theft to financial fraud," he said.
