WebApp Sec mailing list archives
RE: Detecting cross-site scripting attacks
From: <roshen.chandran () paladion net>
Date: Wed, 14 May 2003 08:37:27 +0530
Cedar, As XSS relies on executing a script on the victim, by reflecting the input that is sent to the server, these tools should be able to detect XSS attacks by checking if Form POSTs (the data that is posted to the server) or GET requests (the URL that is requested) contain Javascript tags embedded in them. -- Roshen -----Original Message----- From: Cedar Moore [mailto:cedar1420 () yahoo com] Sent: Tuesday, May 13, 2003 11:02 PM To: webappsec () securityfocus com Subject: Detecting cross-site scripting attacks I am new to web application security, a lot of layer 7 application security products detect cross-site scripting attacks (ex: sanctum appshield). How these products do? There is lot of information about cross- site scripting attacks but I did not came across how these web application attacks can be detected. Is there any white paper there out explaining the generic detection methods?
Current thread:
- Detecting cross-site scripting attacks Cedar Moore (May 13)
- RE: Detecting cross-site scripting attacks roshen.chandran (May 14)
- <Possible follow-ups>
- RE: Detecting cross-site scripting attacks Harbar, Spencer (May 14)
- Re: Detecting cross-site scripting attacks Cedar Moore (May 14)
- RE: Detecting cross-site scripting attacks Vinny Bedus (May 14)
- RE: Detecting cross-site scripting attacks Calderon, Juan C (CORP, DDEMESIS) (May 14)