Full Disclosure mailing list archives
RE: logically stopping xss
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 23 Jul 2003 10:28:28 -0500
-----Original Message-----
From: Justin Shin [mailto:zorkshin () tampabay rr com]
Sent: Tuesday, July 22, 2003 8:33 PM
To: Full-Disclosure () Lists Netsys Com
Subject: [Full-disclosure] logically stopping xss

I know there's a lot of stupid jokes about XSS vulns right now, but I was wondering if there is any firewall or IDS software that can look for suspicious GET requests ... i.e. GET /vulnerablewebapp/?<XSS SHZNIT>

I'm sure there's a program out there ... and I'm stupid, please don't kill me...

You're referring to application firewalls, and yes they exist. There are products available specifically designed to protect a web server from all sorts of attacks. Look at http://www.owasp.org/ for information about that field in general and what's going on in the open source community WRT it.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html