5.4 Lessons Learned
There are still obvious, easily exploitable bugs in widely deployed (enterprise) software products.
Cross-site scripting breaks ActiveX domain restrictions. This is also true for Microsoft’s SiteLock.[55]
From a bug hunter’s perspective, ActiveX controls are promising and valuable targets.
Vulnerability rediscovery happens (way too often).
Get A Bug Hunter's Diary now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.