THE CENZIC BLOG
January 09, 2009

Cenzic Adds New Frame Injection SmartAttack

Frame Injection Vulnerability added as brand new Cenzic SmartAttack

Cenzic's batting 1000 in the New Year: we've added a second brand new SmartAttack to our library. The Frame Injection Vulnerability is now included as of January 9, 2009.

What is a Frame Injection Attack?
Frame injection attacks are increasing in popularity. With the advent of dynamic HTML and the increased number of Websites loading content into frames or iFrames, this new vulnerability is ubiquitous in the Web world. Frame injection was recently used to spoof a Gmail login page for a phishing attack. If input is not properly validated, attackers can supply malicious links as inputs to a GET or POST request, and those links then get loaded into a frame or iFrame and compromise user security.
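
As an added illustration (not Cenzic code and not part of the original post), here is one way to validate a GET or POST parameter before it is used as a frame or iFrame source. The hostnames and the names `safeFrameSrc` and `frameSrcPolicy` are hypothetical, constructed for this example.

```javascript
// Added example. All hostnames below are constructed placeholders.
const BASE_URL = "https://app.example.test/";
const ALLOWED_FRAME_ORIGINS = new Set([
  "https://app.example.test",
  "https://help.example.test",
]);
const FALLBACK_FRAME = "https://app.example.test/home.html";

// Returns a URL that is safe to place in <iframe src>, or the fallback page.
function safeFrameSrc(userInput) {
  if (typeof userInput !== "string") return FALLBACK_FRAME;
  // URL parsers silently strip control characters and treat "\" as "/",
  // so reject those up front instead of reasoning about normalisation.
  if (/[\u0000-\u0020\\]/.test(userInput)) return FALLBACK_FRAME;
  let url;
  try {
    // Resolve relative values ("news.html") against our own site.
    url = new URL(userInput, BASE_URL);
  } catch {
    return FALLBACK_FRAME;
  }
  // Compare the parsed result, never the raw string: a prefix or substring
  // match on the input is defeated by userinfo and look-alike subdomains.
  if (url.protocol !== "https:") return FALLBACK_FRAME;
  if (url.username || url.password) return FALLBACK_FRAME;
  if (!ALLOWED_FRAME_ORIGINS.has(url.origin)) return FALLBACK_FRAME;
  return url.href;
}

// Defense in depth: a Content-Security-Policy value that makes the browser
// refuse frames from any origin outside the same allowlist.
function frameSrcPolicy() {
  return "frame-src " + [...ALLOWED_FRAME_ORIGINS].join(" ");
}
```

Sending the `frameSrcPolicy()` value in a `Content-Security-Policy` response header means a missed validation path still cannot load an off-list frame in browsers that enforce CSP.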

Background on Cenzic’s SmartAttacks
Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to use when it emulates a hacker and attacks our customers' Websites to determine their security posture. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson, Marketing
Eswanson@cenzic.com
