Appscan security vulnerabilities in responsive
Posted: Fri Sep 21, 2018 4:42 pm
Hi,
We added responsive Web Help to a couple of products last year. Now there is a new requirement to run products through a security scan before shipping, using a tool called Appscan. Appscan finds many security vulnerabilities with the responsive web help. According to our developer, one issue is that an attacker can use ‘document.write’ to inject script code OR use the ‘http.open(uri)’ to update/delete our database.
Any suggestions on how to resolve this? Otherwise we probably cannot use responsive, which is a shame since otherwise it's great.
Thanks,
Jason