Appscan security vulnerabilities in responsive

jasone
Posts: 10
Joined: Wed May 17, 2017 8:23 pm

Appscan security vulnerabilities in responsive

Post by jasone » Fri Sep 21, 2018 4:42 pm

Hi,
We added responsive Web Help to a couple of products last year. Now there is a new requirement to run products through a security scan before shipping, using a tool called AppScan. AppScan finds many security vulnerabilities in the responsive web help. According to our developer, one issue is that an attacker can use ‘document.write’ to inject script code OR use ‘http.open(uri)’ to update/delete our database.

Any suggestions on how to resolve this? Otherwise we probably cannot use responsive, which is a shame since otherwise it's great.

Thanks,
Jason

mdslup
Posts: 110
Joined: Tue Mar 06, 2018 1:34 am

Re: Appscan security vulnerabilities in responsive

Post by mdslup » Mon Sep 24, 2018 10:03 pm

I'd like to see an answer to this as well.

bogdan_cercelaru
Posts: 211
Joined: Tue Jul 01, 2014 11:48 am

Re: Appscan security vulnerabilities in responsive

Post by bogdan_cercelaru » Tue Sep 25, 2018 12:43 pm

Hello,

We ensure that we do our best to meet the most demanding security standards and we are continuously improving our products.
I cannot identify such a vulnerability in our WebHelp Responsive output published using the latest version of Oxygen XML Editor (v20.1). To investigate this further we need more information and the complete AppScan report, so that we can analyze the specific files/code.
It would be much appreciated if you could send us the following information at our technical support email address:
  • what version of Oxygen XML Editor are you using to generate WebHelp Responsive
  • what kind of customizations are you using (if you are not using one of the built-in transformation scenarios)
  • please also point out which files are reported as being vulnerable in the AppScan report
Regards,
Bogdan
Bogdan Cercelaru
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
