This is part 3 of a series of blog posts looking at the security of the UK Government's web infrastructure. Britain's National Health Service is riddled with old and insecure WordPress-based websites. Many of these sites have severe flaws including being vulnerable to XSS attacks. There is absolutely no suggestion that patient data or confidentiality…
Continue reading →
This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from the XSS. This is not the…
Continue reading →
This is part 1 of a series of blog posts looking at the security of the UK Government's web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what's happening in the Commons and the Lords, and is run by some really clever people.…
Continue reading →
I'm really late to the party on this one - so this blog post is mostly an aide-mémoire. The web is built on three fundamental components: HTML - the structure of the page. CSS - how the page is styled. JavaScript - the interactivity. Typically, the website owner sets up the CSS to say links…
Continue reading →