Paper: Smashing the Web for fun & profit using XSS

Written by Gerasimos Kassaras, blog.kassaras.com

Monday, 23 June 2008

In this tutorial paper, Gerasimos describes in full detail how to perform an XSS filter invasion and run his JavaScript key logger in order to steal user names, passwords and user credentials.



Paper: Defending against XSS with .NET

Written by Gerasimos Kassaras, blog.kassaras.com

Monday, 23 June 2008

In this tutorial paper, Gerasimos Kassaras provides useful insight into how to defend against cross-site scripting with .NET.



Paper: Carnival, or how to camouflage data for XSS filters

Written by Veda, wired-security.net

Thursday, 19 June 2008

An interesting paper on how to use various obfuscations for XSS filter evasion to inject JavaScript code.



Firefox extensions for web developers and penetration testers

Written by SkyOut & Veda, wired-security.net

Thursday, 19 June 2008

This text lists useful Firefox add-ons to use for website vulnerability assessments.



Paper: Real World XSS

Written by David Zimmer, SandSprite.com

Tuesday, 3 June 2008

This paper was written back in 2003 and includes a very good description of what cross-site scripting is, methods of injection and filtering and a section titled "Inside the mind, mental walk along of a XSS hack".



Paper: The XSS Epidemic: Tools for discovery and remediation

Written by Russ McRee, HolisticInfosec.org

Tuesday, 29 April 2008

Russ's latest toolsmith column for ISSA Journal is a very interesting read about cross-site scripting.


