My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Wednesday, November 12, 2003
« New NIST security publications | Main | MSDN Magazine (Nov 2003) - Dedicated to ... »

Via [Slashdot]

Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. They are unique in that, rather than attacking a server directly, they use a vulnerable server as a vector to attack a client. This can lead to extreme difficulty in tracing attackers, especially when requests are not fully logged (such as POST requests). Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full ramifications of what can be done with a successful XSS attack. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated. This paper will explore those possibilities.  Download @ http://www.net-security.org/dl/articles/xss_anatomy.pdf

Everyone talks about it.. Here is a full blown treatment.

[Now Playing: Mehndi Laga Ke Rakhna - Lata Mangeshkar, Udit Narayan]

Tags:: Security
11/12/2003 7:04 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.