Dailydave mailing list archives
Re: Book Reviews
From: Thomas Ptacek <thomasptacek () gmail com>
Date: Tue, 11 Oct 2016 12:30:19 -0700
Yeah, this rang false to me too. It’s also the reason you can’t take a client with 100 applications and run a tool that spams every discovered endpoint with XSS vectors; their customers scream bloody murder when every other page starts popping an alert box.

(This comes up a lot because people who don’t do large-scale testing tend to believe XSS is something you can safely test for everywhere.)

On October 11, 2016 at 2:28:12 PM, Eric Schultz (fire0088 () gmail com) wrote:

"You cannot deface websites with cross-site-scripting"

You can with stored cross site scripting.
You can if the app is also vulnerable to cross site request forgery.
You can if you steal a privileged session and you have network access.

-Eric

On Oct 10, 2016 11:24 AM, "Dave Aitel" <dave.aitel () gmail com> wrote:
2 Book Reviews in this post.

1. Lab Girl <https://www.amazon.com/Lab-Girl-Hope-Jahren-ebook/dp/B00Z3FYQS4/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=1476112205&sr=8-1> : Probably the best book I've read all year. Immediately go and purchase and read this. Speaks well to the hacker spirit, but is written like poetry.

2. http://cybersecpolitics.blogspot.com/2016/10/book-review-cyber-war-vs-cyber-realities.html - Read my review please, but don't buy the book. :)

I masochistically read these books because if you don't publicly review them, they filter into things people "know" about cyber war strategy, and make for very painful policy meetings and Wassenaar-like things. People who write these sort of books need to write them knowing someone is going to read them with a critical eye.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Book Reviews Dave Aitel (Oct 10)
- Re: Book Reviews Eric Schultz (Oct 11)
- Re: Book Reviews Dave Aitel (Oct 11)
- Re: Book Reviews Thomas Ptacek (Oct 11)
- Re: Book Reviews JJ Gray (Oct 12)
- Re: Book Reviews Eric Schultz (Oct 11)