Appscan security vulnerabilities in responsive
Hi,
We added responsive Web Help to a couple of products last year. Now there is a new requirement to run products through a security scan before shipping, using a tool called Appscan. Appscan finds many security vulnerabilities with the responsive web help. According to our developer, one issue is that an attacker can use ‘document.write’ to inject script code OR use ‘http.open(uri)’ to update/delete our database.
Any suggestions on how to resolve this? Otherwise we probably cannot use responsive, which is a shame since otherwise it's great.
Thanks,
Jason
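The document.write concern raised in the post, as an added JavaScript example that is not from this thread or from Oxygen's WebHelp code: a URL parameter echoed into markup (the sink a scanner such as AppScan flags) beside the same feature rendered with escaping. The URLs, the "q" parameter and the function names are constructed for the example.

```javascript
// Added example, not from the forum thread or from Oxygen's WebHelp output.
// Shows why a DOM-XSS scanner flags document.write() fed by URL data, and a
// hardened rendering of the same feature (echoing a search term) that a
// scanner would not flag. Runs under Node: no browser DOM is needed because
// both render functions return the HTML string that would be written.

// Minimal HTML escaping for text placed inside an element body.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Extracts the assumed "q" parameter from a URL string.
function searchTermFromUrl(url) {
  return new URL(url).searchParams.get('q') || '';
}

// VULNERABLE: untrusted text concatenated into markup. In a page this string
// would go to document.write(html), so the browser parses the term as HTML
// and a crafted URL becomes script. This is the sink AppScan reports.
function renderUnsafe(url) {
  return '<p>Results for: ' + searchTermFromUrl(url) + '</p>';
}

// HARDENED: the term is escaped, so it is displayed as text and never parsed
// as markup. In a real page, prefer createElement() plus textContent over
// writing markup strings at all.
function renderSafe(url) {
  return '<p>Results for: ' + escapeHtml(searchTermFromUrl(url)) + '</p>';
}

// Reviewer check: does a given tag survive in the rendered output?
function containsTag(html, tagName) {
  return new RegExp('<' + tagName + '[\\s>]', 'i').test(html);
}

// Constructed sample URLs: one benign term, one carrying a script tag.
const benignUrl = 'https://docs.example.com/search.html?q=install';
const markupUrl = 'https://docs.example.com/search.html?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';

// Demo when run directly with node: unsafe output keeps the tag, safe does not.
console.log(renderUnsafe(markupUrl));
console.log(renderSafe(markupUrl));
```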
Re: Appscan security vulnerabilities in responsive
Post by bogdan_cercelaru »
Hello,
We ensure that we do our best to meet the most demanding security standards and we are continuously improving our products.
I cannot identify such a vulnerability in our WebHelp Responsive output published using the latest version of Oxygen XML Editor (v20.1). To investigate this further we need more information and the complete AppScan report in order to analyze the specific files/code.
It would be much appreciated if you could provide the following information via our technical support email:
- what version of Oxygen XML Editor are you using to generate WebHelp Responsive
- what kind of customizations are you using (if you are not using one of the built-in transformation scenarios)
- please also point out which files are reported as being vulnerable in the AppScan report
Bogdan
Bogdan Cercelaru
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com