Cross-site scripting has been an OWASP Top 10 classic for more than a decade, but it still comes as a surprise to find it out in the wild, especially in a well-known product. During a recent penetration test, Target’s Security Testing Services team found that Microsoft’s SharePoint was vulnerable to a unique attack that, unlike typical cross-site scripting, could be carried out without any interaction from the victim user.
A few years ago, Target started a journey to move into a product-based organization with dedicated, durable, full-stack teams. One core belief we rallied behind was that product teams were accountable for building, running and supporting their products. Gone were the days of siloed development and operations teams. When a team introduces any change into production, it is accountable for supporting that change for as long as it lives.
Target Women in Science & Technology (TWIST) volunteers and four Dojo coaches recently hosted the first-ever TWIST EPIC Hack-a-thon on Jan. 15 and will be hosting another on Feb. 18. The TWIST EPIC Hack-a-thon is a new opportunity deriving from the EPIC Awards, a ceremony that honors 25 female high school students in the Twin Cities and surrounding metro area for being engaged, passionate, innovative and curious (EPIC) about science, technology, engineering and mathematics (STEM).