Tuesday, 15 May 2007

In this paper, Kr3w provides a very good tutorial about cross-site scripting (XSS).

Thursday, 3 May 2007

In this paper, Nexus presents and explains the techniques and codes which are used by phishers who are knowledgeable about certain aspects of cross-site scripting (XSS) exploitation, in order to attack users or webmasters of websites that are vulnerable to XSS.

Saturday, 31 March 2007

In this paper, Petko D. Petkov explains how CSRF attacks can be prevented using tokens in a web application.

Tuesday, 27 March 2007

In this paper, Aditya K Sood demonstrates the double trap XSS injection with the scope of determining a new class of XSS exploitation. The  target is SecTheory consultation website.

Saturday, 24 February 2007

A research whitepaper from Watchfire, has revealed a serious cross-site scripting vulnerability in Google Desktop. Malicious people can exploit this vulnerability to access sensitive data on  the attacked systems and in some cases take full control of them.

Tuesday, 20 February 2007

Kyran wrote a paper on the anatomy of a "Pseudo-Reflective" worm, which he coded to target GaiaOnline.com.

1 2 3 4 5