Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: XSS LAB DEMO IDEAS

From: "Kevin Spett" <kspett () spidynamics com>
Date: Mon, 6 Jan 2003 14:57:23 -0500
The site we use for our paper (http://www.spidynamics.com/mktg/xss/) is
online at http://endo.webappsecurity.com/  Feel free to use it to educate
people about XSS... As the Unix Terrorist stated so succinctly at Defcon,
"Cross-site scripting is an issue that affects us all."


Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Jeremy Junginger" <jj () act com>
To: "pen-test" <pen-test () securityfocus com>
Sent: Monday, January 06, 2003 12:00 PM
Subject: XSS LAB DEMO IDEAS


After reading the papers by iDefense and the paper at
http://www.technicalinfo.net/papers/CSS.html , I would like to put a
working example together to familiarize our web developers with XSS
vulnerabilities and their impact on the web site (and business).  I
would like to poll the group for interesting ways to demonstrate these
vulnerabilities in a lab environment.  Thanks for taking the time to
give your input.

-Jeremy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: