Re: To XSS or not?

["Aaron Gray" <angray () beeb net>]

> how we will measure which one is major and which not ?
> major for you is minor for me and vice versa.

Major is an XSS on a well used "major"web site, or a financial based webh
site even if it is a "minor" web site. A "minor" XSS web vulnability is one
on a little known site.
Hope you argee with this definition.

> if we agree that XSS are vulns (i personally agree) then they deserve to
> be reported. Just look at the subject of the message that report a XSS
> and choose to read it or to not read it.

Yes I do, but I think a spcialized list is in order for web vulnabilities.

> XSS are based on bad code practices .. some day the programmers will
> learn to not make such mistakes if we point them. if we ignore them ....
> well security is not based on ignorance.

Yes I need to learn about this area as I am doing a couple of PHP&MySQL
based web sites myself and would like a specialized list to ask Q's on.

Regards,

Aaron

> Aaron Gray wrote:
> > Major ones could still be reported on the other lists.
> >
> > Aaron
> >
> > > something like xsstraq powered on securityfocus should be cleaner yep :)
> > >
> > > > Maybe there should be a special XSS list that could specialize in
> > > > that area ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/