A few days ago a Cross-site-scripting vulnerability was discovered and reported on the American Express Site. A XSS vulnerability can allow attackers to steal user authentication cookies from americanexpress.com, thus leading to an account hijack.
As web-security consultant Joshua D.Abraham said, web developers addressed only one instance of the problem. They did not fully assess the whole application to check for similar issues!
This shows the importance of using an automated web vulnerability scanner. Web vulnerability scanners have an important role to play in the security testing of web applications. Not only do scanners make the process of testing Web Applications more efficient but they can also serve to double check the website developer’s work. Since most large websites are constantly changing, it makes sense to schedule a periodic scan to make sure that any vulnerabilities are detected before they hit customers or your website’s reputation.
By making use of an automated web vulnerability scanner such as Acunetix, a developer or security professional could have found these high profile vulnerabilities. It would possibly have prevented American Express the embarrassment of having to deal with a second security flaw after just a few days!
Read more about the reported vulnerability in this article