Full Disclosure mailing list archives
[xssworm.com] Alert : XSS Worms - Cross-Site Scripting and Web 2.0 Application Security Blog
From: "XSS Worm XSS Security Information Portal" <xssworm () gmail com>
Date: Sat, 27 Oct 2007 11:11:56 +1000
Greetings To All

We are proud to announce the grand-opening of XSS Worm : Cross Site Scripting Attacks ™ - http://www.xssworm.com/ - Cross Site Scripting Attacks : the new site for discussion of XSS (also known as CSS (not to be confused with Cascading Style Sheets (also sometimes referred to as CSS)) vulnerabilities) security issues in web-enabled networks and dynamic Internet applications.

XSS - a word commonly used by modern security experts to categorize a wide range of emerging web-enabled security threats. This unpronounceable word was once said to derive from the common term "Cross Site Scripting" (the leading X in this instance perhaps alluding to the Cross of the popular novel.)

Yes friends our Web sites are being more complicated from day to day; and the web sites which have been produced by html are decreasing on the net. The popular ones are php;asp;jsp and other technologies and with this increasing the attacks are being more dangerous.

It's very common and unfortunately still an issue we have to deal with in many web-aware applications. Internally the XSS WORM Team has been working on several XSS Security projects to help mitigate and fix these security issues, as well as to detect them in the code sources that are available online so that they can be fixed a worm is developed.

According to a new study, up to over *90% of all (100%) web sites* may be vulnerable to some form of security attack.

Prominent Jeremiah Grossman of WhiteHat Security (whitehat.com) — the Web applications security founded by vulnerability scanning whiz Jeremiah Grossman — concludes that as many as 90 percent of all the sites that it has tested in the last year remain open to some form of hijack or infection.

The leading problem remains many sites' vulnerability to cross-site scripting (XSS) hacks, through which attackers place malicious code on legitimate sites to trick end users into handing over their personal information or passwords. As many as 75 percent of the pages scanned by WhiteHat had some form of XSS-exploitable flaw, according to the paper.

But it's not only XSS Worms that application developers have to be concerned about - according to Whitehat, Cross Request Forgery attacks are emerging as the "new .. [xss] " and hackers are scrambling to update their virus engines.

"The best way to think about Response Splitting is that it's executed similarly to Cross-Site Scripting (XSS) … *but more powerful*." -- Jeremiah Grossman

As in the rest of the online world, however, WhiteHat contends that XSS threats top the list of vulnerability classes by vertical, followed closely by Information Leakage.

"These statistics continue to reveal recurring and emerging issues that are affecting Web sites across industries," said Grossman, who wears the title of CTO at WhiteHat. "As increasing amounts of sensitive data are stored online, WhiteHat remains vigilant about alerting companies to common attack methods and emphasizing the importance of Web site vulnerability management as part of their overall security posture."

The original security article source can be located at http://weblog.infoworld.com/zeroday/archives/2007/10/study_90_percen.html

This is our introduction for the newest premium security information service XSSworm.com : cross-site scripting attacks - we will be posting news and updates on these topics and we welcome all of your comments on the topics of Web 2.0 Security, Cross-Site Scripting, XSS Worms, XSRF Worms, Digg and Social Networking worms, Youtube worms, Facebook worms, Web 2.0 Security and XML and so much more.

Please pay our XSS page a visit and leave your comments! - only the most relevant XSS security news and tools and comments only - no spam please your blackhat SEO <http://xssworm.com/?&seo=blackhat> tricks are not welcome here.

This email has been cross-posted for discussion on our XSS Security Discussion Forum board: http://tiniuri.com/f/n7 - replies welcome on list or on site.

Thanks.

Regards
The XSSWorm . Com Security Team.

------
Francesco Vaj
CSS Security Researcher -- XSSworm.com
mailto:vaj () nospam xssworm com
Aim: XSS Cross Site
http://www.XSSworm.com - Cross Site Scripting Attacks Web 2.0 Application Security Information Blog 2007 <http://xssworm.com>
"Vaj, bella vaj."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/