Re: XSS vulnerability

["Ankur Jindal" <divinepresence () gmail com>]

Hey,

You might want to check this page out:
http://www.owasp.org/index.php/Testing_for_Cross_site_scripting


On Dec 14, 2007 8:24 AM, Heng Kuo Kuang Kelvin  NCS <kuokuang () ncs com sg> wrote:
> Hi,
> I tried to google for XSS vulnerability, how to hack, how to prevent,
> etc. However, I have no any meaningful information for me to work with.
>
> Actually, I am supposed to address some XSS vulnerability on some of the
> in-house application developed by 3rd party vendor. My web server is
> already patched to its latest version, however the coding in the
> application is subjected to XSS vulnerability, I would like to do
> something about it rather than waiting for the application developer to
> rewrite the application.
>
> Can anyone of you help me by giving me some guidance?
>
> 1) What kind of pattern will I be able to pick up from my web server
> logs to show that there is XSS attacks against my web server?
> 2) How can I prevent XSS from attacking my web servers [Apache, Sun One,
> IIS 5 & 6] without having to change the application coding?
> 3) How can I test for XSS vulnerability on my web servers?
>
> Any information will be greatly appreciated.
>
> Thanks in advance
>
> Regards,
> Kelvin Heng