A critical CSRF vulnerability found on the Glassdoor company review platform affected both job seekers and employers using the web domain. The vulnerability could be exploited to take over accounts.
Jayant Shukla
December 14, 2020
CTO and co-founder, K2 Cyber Security
The discovery of a CSRF vulnerability in the Glassdoor site is a good reminder that CSRF remains a critical web application risk, and has appeared often on the OWASP Top 10 web application risks list. The fact that CSRF vulnerabilities continue to exist in web sites and applications like Glassdoor shows that not enough organizations test and protect their websites and applications against common web application vulnerabilities. NIST recently updated their SP800-53 Security and Privacy Framework to add focus on these issues by including RASP (Runtime Application Self-Protection) and IAST (Interactive Application Security Testing). These types of security solutions more effectively target the risks outlined by the current and past OWASP Top 10 lists.
