Penetration Testing mailing list archives
Re: Cross Site Scripting Vulnerabilities - XSS
From: Chad Loder <cloder () acm org>
Date: Tue, 6 Aug 2002 08:02:08 -0700
Hi Jason, I'm not sure if you're interested in commercial tools or not, but Rapid 7's vulnerability scanner NeXpose will spider an entire website and test each field of each form it encounters for vulnerability to cross site scripting. You can download an eval copy from www.rapid7.com. Yours, Chad Loder Rapid 7, Inc. * Jason binger <cisspstudy () yahoo com> [020806 07:35]:
Has anyone on the list done much with testing for XSS vulnerabilities? Has anyone written a simple work program to test for these vulnerabilities that they are happy to distribute so others can do basic testing for these vulnerabilities? There a few papers out on this topic, but none that I hve seen that really focus on the testing side of things. Thanks __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Cross Site Scripting Vulnerabilities - XSS Jason binger (Aug 06)
- Re: Cross Site Scripting Vulnerabilities - XSS Chad Loder (Aug 06)
- Re: Cross Site Scripting Vulnerabilities - XSS Bill Pennington (Aug 06)
- Message not available
- Re: Cross Site Scripting Vulnerabilities - XSS Jeremiah Grossman (Aug 07)
- Message not available
- RE: Cross Site Scripting Vulnerabilities - XSS Matt Andreko (Aug 07)
- Re: Cross Site Scripting Vulnerabilities - XSS Bill Pennington (Aug 07)
- Re: Cross Site Scripting Vulnerabilities - XSS Kevin Spett (Aug 09)
- RE: Cross Site Scripting Vulnerabilities - XSS Matt Andreko (Aug 12)
- Re: Cross Site Scripting Vulnerabilities - XSS Kevin Spett (Aug 12)
- <Possible follow-ups>
- RE: Cross Site Scripting Vulnerabilities - XSS Jeremy Junginger (Aug 12)