Re: Evolution of Cross-Site Scripting Attacks

[David Endler <dendler () idefense com>]

> Great ! This article is a very good explanation of how to 
> set-up an attack against web apps by using XSS.

Thanks :-) It was inspired in part by the fact that so many users, 
but more important vendors, don't seems to have a clear grasp of 
what XSS is and how it affects their sites.

> However, it is not really a "prediction" of a new type of attack: 
> several people (including me ;) have pointed out in the past on 
this mailing-list that 

I agree, I tried to make that subtle distinction in the paper but 
perhaps it didn't come across: I wasn't trying to predict automated 
XSS attacks (which have been demonstrated before by others 
including you), but instead predict it would start happening more 
and more.  The main point was to grab people's attention to 
increase awareness ahead of time.

-dave