Saturday, 3 November 2007

This is an interesting read about CSRF attacks, covering the difference between XSS and CSRF, attack points and possible prevention solutions. Code examples are provided.

Friday, 2 November 2007

Our friend Nexus has written a fresh and very interesting paper on how to prevent CSRF attacks.

Wednesday, 31 October 2007

The best FAQ about cross-site scripting. Answers and questions on identification, threats, and prevention with examples and links. A must read if your site is XSS attacked.

Friday, 13 July 2007

A PoC of the first cross webmail worm (XWW) called "Nduja connection". This paper is a very interesting read, supported by a very nice video demonstration of the worm.

Monday, 21 May 2007

In this paper, Gunter Ollmann provides an analytical explanation regarding HTML code injection and XSS. A great technical paper for an in-depth understanding of the cause and effect of XSS vulnerabilities.

Thursday, 17 May 2007

In this paper, Nexus explains what is XSS and presents exploitation techniques that are related to each type of XSS vulnerabilities: DOM-Based, Non-Persistent, Persistent. He also provides information on possible XSS prevention solutions.

1 2 3 4 5