After trying to get Tesco to fix the security holes that could expose its online shoppers, software architect and Microsoft MVP Troy Hunt has made a video to demonstrate the risks that hide behind the classic cross-site scripting (XSS) vulnerabilities.
The video and the blog post in which the expert explains everything are inspired by the presence of an XSS vulnerability on the retailer's site.
To prove his point, Hunt has created an apparently secure website which demonstrates the dangers that lie behind unfiltered user inputs, and outputs that are not properly encoded.
The researcher also highlights the risks posed by sites that don’t flag their session cookies as “HttpOnly,” which leaves those cookies readable by any script running in the page.
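The two weaknesses the article names, user input reflected into a page without output encoding and a session cookie issued without the HttpOnly flag, side by side with their fixes. This is an added example, not code from Troy Hunt's demo site or from Tesco; the function names, the constructed search term and the cookie values are all assumptions made for illustration.

```javascript
// Added example (not from the article, Troy Hunt's demo or Tesco): the
// vulnerable and hardened forms of the two issues the article describes.

// Encode the characters that matter when user data is placed inside an HTML
// text node or a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the search term is reflected into the page exactly as
// the user typed it, so markup in the term becomes live markup in the page.
function renderSearchUnsafe(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened pattern: the same page, with the term encoded for the HTML
// context it lands in. The browser shows the text; it does not run it.
function renderSearchSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

// A minimal check a developer can run over rendered output: is there still a
// live <script> tag in the HTML that did not come from the template?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Build a Set-Cookie header value. HttpOnly keeps the cookie out of
// document.cookie, so a script injected through XSS cannot read it; Secure
// keeps it off plain HTTP. Both default to on here; the weak variant is
// produced by turning httpOnly off.
function buildSessionCookie(name, value, { httpOnly = true, secure = true } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'SameSite=Lax'];
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Check a Set-Cookie header value (as seen in the browser's network tools)
// for the HttpOnly attribute; attribute names are case-insensitive.
function hasHttpOnly(setCookieValue) {
  return setCookieValue.split(';').some((attr) => attr.trim().toLowerCase() === 'httponly');
}

// Constructed sample input: a search term that carries a script tag.
const SAMPLE_TERM = 'milk<script>alert(1)</script>';

function demo() {
  console.log('unsafe :', renderSearchUnsafe(SAMPLE_TERM));
  console.log('safe   :', renderSearchSafe(SAMPLE_TERM));
  console.log('weak cookie  :', buildSessionCookie('session', 'abc 123', { httpOnly: false }));
  console.log('fixed cookie :', buildSessionCookie('session', 'abc 123'));
}

demo();
```

The safe renderer turns the constructed term into `milk&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays as text; `hasHttpOnly` is the check a user can apply to a shopping site's `Set-Cookie` header from the browser's developer tools without any special tooling.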
Users should take a look at this video to know what to look for on a shopping site to see if it’s secure. Developers, on the other hand, should learn how to create websites that don't expose their customers to risks.