Insecure Third Party Domain Access

Description
This vulnerability occurs when an application includes content from a third-party resource and delivers it without any kind of content scrubbing.

Environments Affected


 * Web servers
 * Application servers
 * Client Machines

Risk Factors

 * Allowing content hosted on an untrusted server into a trusted application, which affects the server, the server environment, and the client machine.
 * No confirmation of third-party controls.

Examples
One example of this type of development uses an iframe to insert third-party hosted Flash content into a trusted application. The site hosting the content could be vulnerable to attack. As such, all content hosted on that site would be vulnerable to inheriting malicious content.
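
The following check is an added example, not part of the original page: it audits the markup a trusted application delivers and reports every element that loads content from another host, generalizing from the iframe case above to embed, object and script elements. The page URL, the reviewed-host list and the sample markup are constructed assumptions, and the sandbox and integrity checks are controls chosen for this example rather than ones the page names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed values (assumptions): the trusted page's URL, the third-party
# hosts whose controls have been confirmed, and the sample markup.
PAGE_URL = "https://app.example.com/dashboard"
REVIEWED_HOSTS = {"media.partner.example"}
SAMPLE = """
<script src="/static/app.js"></script>
<iframe src="http://ads.thirdparty.example/banner.swf"></iframe>
<iframe src="https://media.partner.example/player" sandbox="allow-scripts"></iframe>
<script src="//cdn.thirdparty.example/widget.js"></script>
"""
# Tag -> attribute that pulls external content into the page.
SOURCES = {"iframe": "src", "embed": "src", "object": "data", "script": "src"}


class ThirdPartyAudit(HTMLParser):
    """Record every element that loads content from a host other than ours."""
    def __init__(self, page_url, reviewed_hosts):
        super().__init__()
        self.page_url, self.reviewed, self.findings = page_url, reviewed_hosts, []
        self.own_host = urlsplit(page_url).hostname

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(SOURCES.get(tag, ""))
        if not ref:
            return
        # Resolve relative and protocol-relative references against the page.
        url = urlsplit(urljoin(self.page_url, ref))
        if url.hostname in (None, self.own_host):
            return  # same host, or a non-network URL such as data:
        checks = [
            (url.hostname not in self.reviewed, "host not reviewed"),
            (url.scheme != "https", "not loaded over https"),
            (tag == "iframe" and "sandbox" not in attrs, "iframe without sandbox"),
            (tag == "script" and "integrity" not in attrs, "script without integrity hash"),
        ]
        issues = [message for failed, message in checks if failed]
        if issues:
            self.findings.append((tag, url.hostname, issues))


def audit(html, page_url=PAGE_URL, reviewed_hosts=REVIEWED_HOSTS):
    parser = ThirdPartyAudit(page_url, reviewed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE)` returns one finding per third-party element that fails a check; the same-host script and the reviewed, sandboxed HTTPS iframe produce none.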

Related Attacks
Cross-Site Request Forgery

Related Vulnerabilities
TBD

Related Controls
TBD