Merge branch 'xss-demo-secure-coding-guidelines' into 'master'

Add XSS demo to secure coding page See merge request gitlab-org/gitlab!68994

Merge branch 'xss-demo-secure-coding-guidelines' into 'master'
Add XSS demo to secure coding page See merge request gitlab-org/gitlab!68994
1e320bb5 · Marcia Ramos · 6478c89e · dee1b060 · 1e320bb5
Commit 1e320bb5 authored Sep 09, 2021 by Marcia Ramos
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

doc/development/secure_coding_guidelines.md doc/development/secure_coding_guidelines.md +2 -0

No files found.
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -295,6 +295,8 @@ The injected client-side code is executed on the victim's browser in the context

 Much of the impact is contingent upon the function of the application and the capabilities of the victim's session. For further impact possibilities, please check out [the beef project](https://beefproject.com/).

+For a demonstration of the impact on GitLab with a realistic attack scenario, see [this video on the GitLab Unfiltered channel](https://www.youtube.com/watch?v=t4PzHNycoKo) (internal, it requires being logged in with the GitLab Unfiltered account).
+
 ### When to consider?

 When user submitted data is included in responses to end users, which is just about anywhere.