Articles Tagged with "XSS"


From the Web

Shutting Down XSS with Content Security Policy

July 10, 2009 from: Mozilla Security Blog

For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy.



From the Web

CWE Top 25 Breakdown - Part 1 of 4

June 11, 2009 from: hackyourself.net

This week, we’ll take a look at the recently published CWE Top 25 Most Dangerous Programming Errors. Since the Top 25 are broken into three main categories, it makes sense to address the list in three separate segments. But first, let’s review what the CWE Top 25 is and its importance.



From the Web

CWE Top 25 Breakdown - Part 2 of 4

June 07, 2009 from: hackyourself.net

Last week we introduced the CWE Top 25 Most Dangerous Programming Errors in Part 1 of a 4-part series. This week we will discuss the first nine, which have been categorized in a group called “Insecure Interaction Between Components”. Being the first nine, they are also the top 9, or the top most prevalent errors on the list. As me...



From the Web

Should I be worried about my web applications?

June 01, 2009 from: hackyourself.net

An interesting article published earlier this week on Information Week’s website here called “Web Applications: Achilles’ Heel Of Corporate Security” discusses the tremendous rise in web-application breaches and attacks th...



From the Web

Using XSS to Launch a SQL Injection Attack

June 01, 2009 from: hackyourself.net

Several weeks ago I stumbled on a client’s e-commerce site that had (what appeared to be) a non-vulnerable SQL Injection pathway on a search form. I used the standard calls to determine if it was vulnerable, determined (or so I thought) that it wasn’t and moved on to test for XSS.
