WebApp Sec mailing list archives

RE: Detecting cross-site scripting attacks


From: <roshen.chandran () paladion net>
Date: Wed, 14 May 2003 08:37:27 +0530

Cedar,

As XSS relies on executing a script on the victim, by reflecting the
input that is sent to the server, these tools should be able to detect
XSS attacks by checking if Form POSTs (the data that is posted to the
server) or GET requests (the URL that is requested) contain JavaScript
tags embedded in them.

--
Roshen 

-----Original Message-----
From: Cedar Moore [mailto:cedar1420 () yahoo com] 
Sent: Tuesday, May 13, 2003 11:02 PM
To: webappsec () securityfocus com
Subject: Detecting cross-site scripting attacks




I am new to web application security. A lot of layer 7 application
security products detect cross-site scripting attacks (ex: Sanctum
AppShield). How do these products do this? There is a lot of
information about cross-site scripting attacks, but I did not come
across how these web application attacks can be detected. Is there any
white paper out there explaining the generic detection methods?
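
The check described in the reply above, sketched as an added example (not code from the thread or from any product it mentions): it scans GET query strings and POST form bodies for script tags. The function names, the bounded percent-decoding step and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Matches an opening <script tag, tolerating whitespace and case differences.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding to unwrap


def normalize(value):
    """Percent-decode repeatedly (bounded) so an encoded tag becomes visible."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def extract_params(method, url, body=""):
    """Yield (source, name, value) for query-string and form-body parameters."""
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        yield "GET", name, value
    if method.upper() == "POST":
        for name, value in parse_qsl(body, keep_blank_values=True):
            yield "POST", name, value


def detect_script_tags(method, url, body=""):
    """Return (source, parameter) pairs whose value carries a script tag."""
    findings = []
    for source, name, value in extract_params(method, url, body):
        if SCRIPT_TAG.search(normalize(value)):
            findings.append((source, name))
    return findings


# Constructed sample requests (not taken from the thread).
SAMPLES = [
    ("GET", "/search?q=web+application+firewall", ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
    ("POST", "/comment?id=7", "author=bob&text=%253CSCRIPT%2520src%253Dx%253E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, detect_script_tags(method, url, body))
```

Reporting the parameter name along with the source lets an alert point at the exact field that carried the tag, which is what an analyst needs when triaging a hit.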





