XSSposed celebrated its one year anniversary this summer. Over the past 12 months the non-profit web vulnerability archive has helped secure websites from 5,000 vulnerabilities, thanks to researchers reporting flaws and risks they have found in websites belonging to Microsoft, Apple, Amazon, the BBC and LinkedIn, to name just a few.
In celebration of its first year, the archive recently launched an Open Bug Bounty program, an essential step in helping security researchers and website owners coordinate vulnerability disclosure without putting website visitors at risk.
5,000 websites secured in 1 year thanks to non-profit archive XSSPosed
XSSposed (which stands for 'XSS exposed') was originally created in June 2014 as an open non-profit internet XSS archive where any security researcher can report a Cross-Site Scripting (XSS) vulnerability on any website and get proper credit for it. The aim of the project is to make the Web safer. Researchers can use either Coordinated Disclosure or Full Disclosure to report vulnerabilities, depending on their preferences.
1,200 individuals, mainly website owners, CERT teams and security companies, subscribe to notifications from 550 security researchers; 23,000 vulnerable websites and 5,000 fixed vulnerabilities, including security flaws in linkedin.com, microsoft.com, apple.com, amazon.com and bbc.co.uk: these are the results of the first year of work.
Supported by security enthusiasts, XSSPosed is a non-profit web vulnerability archive that aims to make the web safer by crowdsourcing vulnerability research. Recently the archive launched an Open Bug Bounty program to help security researchers and website owners coordinate vulnerability disclosure without putting website visitors at risk.
Marsel Nizamutdinov, Chief Research Officer at web application security company High-Tech Bridge, says: “I think the project highlights and solves some problems of modern vulnerability research, when Bug Bounties do not work as initially supposed, or when researchers are not being recognized as promised. I hope the Open Bug Bounty they launched will help more website owners to keep their websites secure. At High-Tech Bridge, we would definitely consider using the free subscription service for our continuous web security monitoring service in the future.”