|
|
|
|
Home / Computers / Security / Internet / WWW / Cross Site Scripting
|
|
|
|
Web Sites
|
- 'Cross-site scripting' tears holes in Net security - USA Today article by Byron Acohido that details WhiteHat Security's assesment of Hotmail, Yahoo, Amazon, and America Online.
www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security-side.htm
- Apache: Cross Site Scripting Info - How the attack affects websites hosted on the Apache webserver and Apache specific issues.
httpd.apache.org/info/css-security
- Bypassing Javascript Filters - The Flash Attack - Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.
eyeonsecurity.net/papers/flash-xss-description.htm
- CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests - Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC).
www.cert.org/advisories/CA-2000-02.html
- CERT/CC: How To Remove Meta-characters From User-Supplied Data In CGI Scripts - Examples in C and Perl.
www.cert.org/tech_tips/cgi_metacharacters.html
- CNN.com: Schwab's Site Could be Vulnerable - Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September.
www.cnn.com/2000/TECH/computing/12/08/schwab.cost.idg
- Cross Site Scripting Vulnerabilities - Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
www.devitry.com/security.html
- iDefense iALERT White Paper: Evolution of Cross-Site Scripting Attacks - Predicts semi-automated techniques will aggressively begin to emerge for targeting and hijacking web applications.
www.idefense.com/XSS.html
- Information on Cross-Site Scripting Security Vulnerability - Microsoft Technet provides a FAQ, overview of the threats posed by XSS, and suggestions for how their customers can protect themselves.
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/topics/crssite.asp
- InfoWorld Opinions: Cross-site Scripting - Article on this often overlooked threat with links.
www.infoworld.com/articles/op/xml/02/05/06/020506opsecurity.xml
- Microsoft Security Bulletin (MS00-060) - Patch available for 'IIS Cross-Site Scripting' vulnerabilities.
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms00-060.asp
- perl.com: Preventing Cross-site Scripting Attacks - Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest.
www.perl.com/pub/a/2002/02/20/css.html
- SkyLined: Cross-site scripting - Bad user-input filtering can lead to SQL- and HTML-injection, Cross-site scripting and server-side script DoS. Includes guide to finding flaws and an archive of flaws found in popular web sites.
spoor12.edup.tudelft.nl/SkyLined/docs/bad_user_input_filtering.html
- WhiteHat Community: Cross-Site-Scripting - Several articles on the subject.
community.whitehatsec.com/search.pl?topic=Cross-Site-Scripting
- The Cross Site Scripting FAQ - Answers questions on identification, threats, and prevention. Provides examples and links.
www.cgisecurity.com/articles/xss-faq.shtml
|
|
|
|
|