
Open redirect vulnerabilities: definition and prevention

Written by Russ McRee, HolisticInfoSec.org

Sunday, 6 July 2008

(IN)SECURE Magazine Issue 17 includes Russ's article about open redirect vulnerabilities. It covers them in detail, with real-world examples, prevention solutions and their relation to the PCI-DSS standards.



Paper: Smashing the Web for fun & profit using XSS

Written by Gerasimos Kassaras, blog.kassaras.com

Monday, 23 June 2008

In this tutorial paper, Gerasimos describes in full detail how to perform an XSS filter invasion and run his JavaScript key logger in order to steal user names, passwords and user credentials.



Paper: Defending against XSS with .NET

Written by Gerasimos Kassaras, blog.kassaras.com

Monday, 23 June 2008

In this tutorial paper, Gerasimos Kassaras provides useful insight into how to defend against cross-site scripting with .NET.



Paper: Carnival, or how to camouflage data for XSS filters

Written by Veda, wired-security.net

Thursday, 19 June 2008

An interesting paper on how to use various obfuscations for XSS filter evasion to inject JavaScript code.



Firefox extensions for web developers and penetration testers

Written by SkyOut & Veda, wired-security.net

Thursday, 19 June 2008

This text lists useful Firefox add-ons to use for website vulnerability assessments.



Paper: Real World XSS

Written by David Zimmer, SandSprite.com

Tuesday, 3 June 2008

This paper was written back in 2003 and includes a very good description of what cross-site scripting is, methods of injection and filtering and a section titled "Inside the mind, mental walk along of a XSS hack".


