Penetration Testing mailing list archives

Re: XSS LAB DEMO IDEAS

From: Mark Curphey <mark () curphey com>
Date: Mon, 06 Jan 2003 13:00:23 -0500 (EST)

Try WebGoat from OWASP http://www.owasp.org/webgoat/ 

It is a demo web application with XSS and many other problems like SQL Injection. A new version with full installers 
for Win32 and Linux will be released next week.

---- Jeremy Junginger <jj () act com> wrote:

After reading the papers by iDefense and the paper at
http://www.technicalinfo.net/papers/CSS.html , I would like to put a
working example together to familiarize our web developers with XSS
vulnerabilities and their impact on the web site (and business).  I
would like to poll the group for interesting ways to demonstrate these
vulnerabilities in a lab environment.  Thanks for taking the time to
give your input.

-Jeremy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

XSS LAB DEMO IDEAS Jeremy Junginger (Jan 06)
- Re: XSS LAB DEMO IDEAS Loki (Jan 06)
- Re: XSS LAB DEMO IDEAS Kevin Spett (Jan 06)
- <Possible follow-ups>
- Re: XSS LAB DEMO IDEAS Mark Curphey (Jan 06)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 07)
- Re: XSS LAB DEMO IDEAS Fermín J . Serna (Jan 08)
- RE: XSS LAB DEMO IDEAS Jeremy Junginger (Jan 08)
- RE: XSS LAB DEMO IDEAS Dawes, Rogan (ZA - Johannesburg) (Jan 10)