Cross Site Scripting
'Cross-site scripting' tears holes in Net security
USA Today article by Byron Acohido that details WhiteHat Security's assesment of Hotmail, Yahoo, Amazon, and America Online.
Apache: Cross Site Scripting Info
How the attack affects websites hosted on the Apache webserver and Apache specific issues.
Bypassing Javascript Filters - The Flash Attack
Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.
CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capabi…
CERT/CC: How To Remove Meta-characters From User-Supplied Data In CGI Scripts
Examples in C and Perl.
CNN.com: Schwab's Site Could be Vulnerable
Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Tra…
Cross Site Scripting Vulnerabilities
Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
Information on Cross-Site Scripting Security Vulnerability
Microsoft Technet provides a FAQ, overview of the threats posed by XSS, and suggestions for how their customers can protect themselves.
InfoWorld Opinions: Cross-site Scripting
Article on this often overlooked threat with links.
Microsoft Security Bulletin (MS00-060)
Patch available for 'IIS Cross-Site Scripting' vulnerabilities.
perl.com: Preventing Cross-site Scripting Attacks
Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest.
The Cross Site Scripting FAQ
Answers questions on identification, threats, and prevention. Provides examples and links.
Showing 20–12 of 12 results