SWFScan

Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

djtechnocrat
Acclaimed Contributor


Overall, the tool is pretty good. But it missed a couple of issues that were detected manually during a recent assessment.


1) External XML loading (via URL in configpath) - not sure this is detectable via static analysis?


2) Security.allowDomain() issues - Security.allowDomain("*") and Security.allowInsecureDomain("*")

1 REPLY
markpainter
Occasional Contributor

Re: Failed to Detect Insecure AllowDomain / AllowInsecureDomain Settings

That is a known bug. At this time, we do not have any plans on releasing an additional version (although that might change). We are fixing these assessment issues in WebInspect, though.
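
A static check for the two settings named in this thread, added here as an illustration; it is not SWFScan or WebInspect code. It assumes the SWF has already been decompiled to ActionScript source, and the function names and sample input are constructed for the example.

```python
import re

# Keeps string literals (group 1) and blanks out // and /* */ comments.
STRIP_RE = re.compile(
    r'''("(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')|//[^\n]*|/\*.*?\*/''', re.S)
# Security.allowDomain(...) / Security.allowInsecureDomain(...) with raw arguments.
CALL_RE = re.compile(
    r'Security\s*\.\s*(allowDomain|allowInsecureDomain)\s*\(([^)]*)\)')
# Literals in straight or typographic quotes (pasted code often has the latter).
LITERAL_RE = re.compile(r'''["'\u201c\u201d]([^"'\u201c\u201d]*)["'\u201c\u201d]''')

def strip_comments(source):
    """Replace comments with spaces, preserving newlines so line numbers hold."""
    def keep(m):
        return m.group(1) if m.group(1) else re.sub(r'[^\n]', ' ', m.group(0))
    return STRIP_RE.sub(keep, source)

def find_grants(source):
    """Return (line, method, kind) tuples; kind is 'wildcard' or 'dynamic'."""
    findings = []
    for line_no, line in enumerate(strip_comments(source).splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            method, args = m.group(1), m.group(2).strip()
            literals = [lit.strip() for lit in LITERAL_RE.findall(args)]
            if '*' in literals:
                findings.append((line_no, method, 'wildcard'))
            elif args and not literals:
                # Argument is a variable or expression: needs manual review.
                findings.append((line_no, method, 'dynamic'))
    return findings

# Constructed sample, standing in for decompiled ActionScript.
SAMPLE_AS = '''\
package {
  import flash.system.Security;
  public class Main {
    public function Main() {
      Security.allowDomain("*");
      Security.allowInsecureDomain('*');
      Security.allowDomain("static.example.com");
      // Security.allowDomain("*");
      Security.allowDomain(loaderInfo.parameters.host);
    }
  }
}
'''

if __name__ == '__main__':
    for finding in find_grants(SAMPLE_AS):
        print(finding)
```

The 'dynamic' findings mark calls whose argument is only known at run time, which a source-level check cannot resolve and which need manual review.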
