diff options
| author | Jordan Sitkin <jordan@fiftyfootfoghorn.com> | 2017-08-22 13:43:50 -0700 |
|---|---|---|
| committer | Jordan Sitkin <jordan@fiftyfootfoghorn.com> | 2017-08-22 13:43:50 -0700 |
| commit | f7d088645ed1a31c9786a4834ca8d7b205153ecc (patch) | |
| tree | 18a4aa3f9b84a26a2dc16aae587fca053e3341ab /guides | |
| parent | 665ac7cff212d010a3573f85cea895666fbaad15 (diff) | |
| download | rails-f7d088645ed1a31c9786a4834ca8d7b205153ecc.tar.gz rails-f7d088645ed1a31c9786a4834ca8d7b205153ecc.tar.bz2 rails-f7d088645ed1a31c9786a4834ca8d7b205153ecc.zip | |
Grammar fix
Changed the phrase '... and many more high targets' to '... and many more high _profile_ targets'
Diffstat (limited to 'guides')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 7736a4b224..d0d7e12b0a 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -687,7 +687,7 @@ The most common entry points are message posts, user comments, and guest books, XSS attacks work like this: An attacker injects some code, the web application saves it and displays it on a page, later presented to a victim. Most XSS examples simply display an alert box, but it is more powerful than that. XSS can steal the cookie, hijack the session, redirect the victim to a fake website, display advertisements for the benefit of the attacker, change elements on the web site to get confidential information or install malicious software through security holes in the web browser. -During the second half of 2007, there were 88 vulnerabilities reported in Mozilla browsers, 22 in Safari, 18 in IE, and 12 in Opera. The [Symantec Global Internet Security threat report](http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf) also documented 239 browser plug-in vulnerabilities in the last six months of 2007. [Mpack](http://pandalabs.pandasecurity.com/mpack-uncovered/) is a very active and up-to-date attack framework which exploits these vulnerabilities. For criminal hackers, it is very attractive to exploit an SQL-Injection vulnerability in a web application framework and insert malicious code in every textual table column. In April 2008 more than 510,000 sites were hacked like this, among them the British government, United Nations, and many more high targets. +During the second half of 2007, there were 88 vulnerabilities reported in Mozilla browsers, 22 in Safari, 18 in IE, and 12 in Opera. The [Symantec Global Internet Security threat report](http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf) also documented 239 browser plug-in vulnerabilities in the last six months of 2007. [Mpack](http://pandalabs.pandasecurity.com/mpack-uncovered/) is a very active and up-to-date attack framework which exploits these vulnerabilities. For criminal hackers, it is very attractive to exploit an SQL-Injection vulnerability in a web application framework and insert malicious code in every textual table column. In April 2008 more than 510,000 sites were hacked like this, among them the British government, United Nations, and many more high profile targets. #### HTML/JavaScript Injection |