To quote digi7al64: “With all the recent stuff surrounding Google I thought I would check out how secure Yahoo was in comparison… cause I have never really bothered to audit the domain so to speak. Anyways within 5 minutes I had my first XSS” and indeed he did:
Click here to see the XSS in Yahoo for yourself. It’s true, I tend to talk about Google more than other sites primarily because of how much traffic they get through their search engine as a percentage. But yes, all major sites tend to be plagued by XSS among a plethora of other web application security issues. The greater the interdependencies between applications and the greater the complexity of an application, the more likely it will have flaws.
I know we’ve all heard the statistics about how many vulnerabilities per line of code there are, but I don’t think this statistic is accurate and I don’t think it applies well to web applications in particular. It would be interesting to get the statistics of how many holes there tend to be in web applications per line of code. My bet is it would be higher than almost any other application due to the way people tend to build web apps. The web is only growing, my friends.