Dailydave mailing list archives

Re: Book Reviews


From: Thomas Ptacek <thomasptacek () gmail com>
Date: Tue, 11 Oct 2016 12:30:19 -0700

Yeah, this rang false to me too. It’s also the reason you can’t take a
client with 100 applications and run a tool that spams every discovered
endpoint with XSS vectors; their customers scream bloody murder when every
other page starts popping an alert box.

(This comes up a lot because people who don’t do large-scale testing tend
to believe XSS is something you can safely test for everywhere).

On October 11, 2016 at 2:28:12 PM, Eric Schultz (fire0088 () gmail com) wrote:

"You cannot deface websites with cross-site-scripting"

You can with stored cross site scripting.

You can if the app is also vulnerable to cross site request forgery.

You can if you steal a privileged session and you have network access.

-Eric

On Oct 10, 2016 11:24 AM, "Dave Aitel" <dave.aitel () gmail com> wrote:

2 Book Reviews in this post.

1. Lab Girl
<https://www.amazon.com/Lab-Girl-Hope-Jahren-ebook/dp/B00Z3FYQS4/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=1476112205&sr=8-1>:
Probably the best book I've read all year. Immediately go and purchase and
read this. Speaks well to the hacker spirit, but is written like poetry.

2. http://cybersecpolitics.blogspot.com/2016/10/book-review-cyber-war-vs-cyber-realities.html
- Read my review please, but don't buy the book. :) I masochistically read
these books because if you don't publicly review them, they filter into
things people "know" about cyber war strategy, and make for very painful
policy meetings and Wassenaar-like things. People who write these sorts of
books need to write them knowing someone is going to read them with a
critical eye.

-dave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
