Welcome to mirror list, hosted at ThFree Co, Russian Federation.

05_commonvuln_BrowserPlugins.md « webappsec « checklist « content « exampleSite - github.com/vjeantet/hugo-theme-docport.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/exampleSite/content/checklist/webappsec/05_commonvuln_BrowserPlugins.md
blob: e3888301570b1550afc004fb90bba262a808cc45 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

---
hidden: true
ignoresearch: true
---
**You mentioned that your application requires certain browser plugins to work correctly. Which of the following plugins are required?**
{{<c/choices webvuln_plugin  multi >}}
* (java) Java
* (flash) Flash
* (silverlight) Silverlight
* (other) Other
{{</c/choices >}}

{{<c/show `{webvuln_plugin} has 'other'` >}}
**What other plugins are required by your application?**
{{<c/text "webvuln_plugin_other"  />}}
{{</c/show >}}


{{<c/show `{webvuln_plugin} has 'other'` >}}
**Explain what the plugin is used for, what technology it uses (e.g., ActiveX, NPAPI, Chrome plugin, etc.), how it is usually deployed to your users, and what privileges it requires:**
{{<c/text "webvuln_plugin_other_details" multi  />}}
{{</c/show >}}


{{<c/show `{webvuln_plugin} has 'java'` >}}
{{%notice warning%}}
**Warning — possible medium-risk issue**\
\
Enabling Java in the browser exposes users to a variety of security issues. We strongly discourage requiring Java.\
\
**Is Java absolutely necessary for your application to function correctly? Are there any workarounds ?**
{{<c/text "webvuln_plugin_java_workarounds" multi />}}
{{%/notice%}}


{{</c/show >}}


{{<c/show `{webvuln_plugin} has 'other'` >}}
{{%notice danger%}}
**Warning — possible high-risk issue**\
\
In most cases, custom plugins are considered a security risk. Plugins can operate outside of the usual constraints (such as a same-origin policy, sandboxing, etc.) and can introduce security vulnerabilities that affect the entire browser. It's also often difficult to deploy and centrally manage them. We strongly discourage using custom plugins.\
\
**If you have compensating controls in place or feel that this issue does not constitute a risk in your specific circumstances, please explain below. If you're working to address this issue, include an estimate of when it will be resolved:**
{{<c/text "webvuln_plugin_other_conpensating_controls" multi />}}
{{%/notice%}}

{{</c/show >}}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-15 23:13:36 +0300