Open redirect vulnerabilities: definition and prevention

Written by Russ McRee, HolisticInfoSec.org

Sunday, 6 July 2008

(IN)SECURE Magazine Issue 17, includes Russ's article about open redirect vulnerabilities. Covers them in detail by providing info on real-world examples, prevention solutions and the relation with PCI-DSS standards.

Paper: Smashing the Web for fun & profit using XSS

Written by Gerasimos Kassaras, blog.kassaras.com

Monday, 23 June 2008

In this tutorial paper, Gerasimos describes in full detail how to perform an XSS filter invasion and run his JavaScript key logger in order to steal user names, passwords and user credentials.

Paper: Defending against XSS with .NET

Written by Gerasimos Kassaras, blog.kassaras.com

Monday, 23 June 2008

In this tutorial paper, Gerasimos Kassaras provides useful insight into how to defend against cross-site scripting with .NET.

Paper: Carnival, or how to camouflage data for XSS filters

Written by Veda, wired-security.net

Thursday, 19 June 2008

An interesting paper on how to use various obfuscations for XSS filter evations to inject JavaScript code.

Firefox extensions for web developers and penetration testers

Written by SkyOut & Veda, wired-security.net

Thursday, 19 June 2008

This text lists useful Firefox add-ons to use for website vulnerability assessments.

Paper: Real World XSS

Written by David Zimmer, SandSprite.com

Tuesday, 3 June 2008

This paper was written back in 2003 and includes a very good description of what cross-site scripting is, methods of injection and filtering and a section titled "Inside the mind, mental walk along of a XSS hack".

1 2 3 4 5

45884 total xss 14724 special xss 3026 fixed 5328 xss onhold 2933 EW subscribers

Tweets about ""cross site scripting" OR from:xssedcom"