
January 19, 2012

Comments

Dotnetchris

The blog post seems more to be about spreading FUD about Microsoft than actually addressing the issue. You blog about a known security flaw that was already patched nearly 2 weeks ago.

http://technet.microsoft.com/en-us/security/bulletin/ms12-007

Microsoft has clearly already published this issue along with the 4.2 version of Anti-XSS that closes this security vulnerability.

Where is your link to the fix?

AppSecInsider

@Dotnetchris - have you bothered to look in the "Acknowledgments" section of the Microsoft security bulletin? It was *our team* that disclosed this to Microsoft. We then waited for Microsoft to patch this issue, and only then published the full details of the issue. That's called responsible disclosure. There's no FUD here, just technical details.
