Hello , While Penetration Testing I found out one interesting thing . If you use external scripts from other domain then you should be careful and cautious about the http cookie access. Certain time it can happen that you need to include scripts from other domain. But if you are not taking enough care of security practices, then other users account can be compromised by session hijacking and session fixation even if your website is not vulnerable . Confused ? Okay I will make it easy. What will happen if the web server from where you are including the external JS scripts is compromised ? Well you may think that's not a big deal because that's not the server where the developer is hosting the website. But what if I modify that external JS script of the compromised server ? Anyway I wont speak much and will give you a small demo instead. Here is the source code of the external JS file located at 192.168.42.145. This code return a random quote from an array.
Web - Network - System - Mobile - Cloud - Automotive - Embedded - Internet Of Things (IOT)