Insecure Third Party Domain Access

ASDR Table of Contents

Last revision (mm/dd/yy): //

Description
Occurs when an application contains content provided from a 3rd party resource that is delivered without any type of content scrub.

Environments Affected


 * Web servers
 * Application servers
 * Client Machines

Risk Factors

 * Allowing hosted content from an untrusted server into a trusted application: affecting the server, server environment, and client machine.
 * No confirmation of Third Party Controls.

Examples
This following example is a common method to insert third party hosted content into a trusted an application. If the hosting site is vulnerable to attack, all content delivered to an application would be vulnerable malicious changes. 

Related Attacks
Cross-Site_Request_Forgery

Related Vulnerabilities
TBD

Related Controls
TBD