DEV Community

Gyan Chawdhary

An interactive demo of the TikTok XSS vulnerability

The recent investigation conducted by Check Point Research against TikTok highlights trivially exploitable security issues that could have allowed motivated threat actors to gain an understanding of, and/or manipulate, their political adversaries' ad campaigns.

To demonstrate the significance of this vulnerability, we at Kontra have developed an interactive tutorial detailing the Cross-Site Scripting flaw reported within TikTok's Ad platform and the exploitation of this issue by hypothetical cyber adversaries.

The tutorial is designed to teach developers how cross-site scripting attacks manifest in code, how malicious actors exploit these vulnerabilities, and the steps developers can take to write secure code.

Demo: https://application.security/free-application-security-training/cross-site-scripting-vulnerability-in-tiktok

Top comments (1)

Clive Da • Edited

Ties in nicely with my earlier post on the TikTok API.