by mathieuh 2057 days ago
Is Companies House's website not done by GDS or something? I worked on a few GDS projects for DFT; we had to have independent pen testers test our services before they moved between phases.

Companies House wasn't compromised; they warned third parties about potential issues with the underlying data.
According to a thread [1] on Companies House's Developer Forum, they were.

[1]: https://forum.aws.chdev.org/t/cross-site-scripting-xss-softw...

No, I mean the fact that this was possible on their website. XSS is one of the simplest things to test; in fact, it was one of the standard tests UI testers would do on new screens.

Not saying they were compromised.

It wasn't possible on their website.

They provide data feeds to many third parties, who might themselves be vulnerable, hence the notification.