Friday, 13 July 2007

A PoC of the first cross webmail worm (XWW) called "Nduja connection". This paper is a very interesting read, supported by a very nice video demonstration of the worm.

Monday, 21 May 2007

In this paper, Gunter Ollmann provides an analytical explanation regarding HTML code injection and XSS. A great technical paper for an in-depth understanding of the cause and effect of XSS vulnerabilities.

Thursday, 17 May 2007

In this paper, Nexus explains what is XSS and presents exploitation techniques that are related to each type of XSS vulnerabilities: DOM-Based, Non-Persistent, Persistent. He also provides information on possible XSS prevention solutions.

Tuesday, 15 May 2007

In this paper, Kr3w provides a very good tutorial about cross-site scripting (XSS).

Thursday, 3 May 2007

In this paper, Nexus presents and explains the techniques and codes which are used by phishers who are knowledgeable about certain aspects of cross-site scripting (XSS) exploitation, in order to attack users or webmasters of websites that are vulnerable to XSS.

Saturday, 31 March 2007

In this paper, Petko D. Petkov explains how CSRF attacks can be prevented using tokens in a web application.

1 2 3 4 5