XSS

Tag details

Welcome to the 'XSS' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'XSS'.


Latest blogosphere posts tagged “XSS”

  • Federal Statutes Aid Trade Secret Prosecution


    Information Security Resources (Authority: 473)
    By John Watkins, Attorney with Chorey, Taylor & Feil The protection of trade secrets through litigation has generally been limited to civil lawsuits, typically filed under state law statutory or common law provisions. This is true even though federal and state statutes have provided criminal penalties ...
    17 hours ago
  • PayPal is Safer with NoScript


    hackademix.net (Authority: 401)
    Strict Transport Security (STS) has gone live on PayPal yesterday. STS is a simple yet effective system for web sites requiring high safety levels, e.g. payment gateways or financial institutions, to force HTTPS connections on every request originated by supporting browsers. It is currently supported by NoScript ...
    2 days ago
  • Social Media Scams Plague Networks


    Information Security Resources (Authority: 473)
    By Robert Siciliano, Identity Theft Expert For the past year, I’ve been screaming about the trouble with social media as it relates to identity theft, brand hijacking, privacy issues, and the opportunity social media creates for criminals to “friend” their potential victims in order to create a false ...
    4 days ago
  • Browser Protocol Weakness Allows Theft/Poisoning Of Website Credentials


    CyberInsecure.com (Authority: 124)
    A security researcher has discovered a weakness in a core browser protocol that compromises the security of Google, Facebook, and other websites by allowing an attacker to tamper with the cookies they set. The weakness stems from RFC 2965, which dictates that browsers must allow subdomains (think www.google.com) to set ...
    5 days ago
  • Apple’s iTunes Affiliates site briefly subjected to image swaps


    Sell Off Music (Authority: 162)
    Filed under: Hacks, iTunes, Apple. Our friends over at OS X Daily passed along their story noting that Apple’s site for iTunes Affiliates was vulnerable to a cross-site URL trick, letting you substitute your own images for the ones normally displayed on the page. Since the site is intended to let ...
    5 days ago
  • Apple's iTunes Affiliates site briefly subjected to image swaps


    The Unofficial Apple Weblog (TUAW) (Authority: 784)
    Filed under: Hacks, iTunes, Apple. Our friends over at OS X Daily passed along their story noting that Apple's site for iTunes Affiliates was vulnerable to a cross-site URL trick, letting you substitute your own images for the ones normally displayed on the page. Since the site is intended to let websites ...
    5 days ago
  • Watcher: Spotting dubious webishness


    HolisticInfoSec.org (Authority: 106)
    November's toolsmith features Watcher, a great passive security auditor from Chris Weber of Casaba Security, that detects web application security issues as well as operational configuration concerns. Watcher plugs neatly into Fiddler, an indispensable proxy that should be an inherent part of your web ...
    6 days ago
  • Secure Web Hosting


    Security Watch (Authority: 548)
    Even after the death of the free Geocities service web hosting can be had for very cheap, with real plans starting at even a few dollars a month. But what are you getting for that kind of money? In terms of security, not a whole lot. Most sophisticated attacks against web sites these days aren't the sort of thing that ...
    1 week ago
  • Cross-Site Scripting Attack and Defense, Revisited


    ??'s Blog (Authority: 120)
    This article was published in 《黑客防线》. Author: Xylitol. Translator: riusksk. Contents: 0x100 The Cross Frame Scripting | 0x110 Theory | 0x111 Vulnerable code sample | 0x112 Writing secure code | 0x200 Header for fun and profit | 0x210 Cross Agent Scripting | 0x211 First XAS vulnerable code | 0x212 ...
    1 week ago
  • pxss.py: Pure Python to access libXss via ctypes


    make YJL (Authority: 106)
    pxss.py is a replacement of PyXSS/src/__init__.py, but not entire PyXSS. You can have IdleTracker, XSSTracker, and get_info(), and that's all. It accesses libXss.so via ctypes. You only need to put it with your script without installation or compilation. A quick example of getting the idle time: ...
    1 week ago
  • Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool


    Darknet - The Darkside (Authority: 465)
    Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that ...
    1 week ago
  • Web Protection Library (WPL) – Evolution of Anti-XSS Library


    D' Technology Weblog (Authority: 529)
    Microsoft is actively developing the next iteration of Anti-XSS library and Security Runtime Engine (SRE) with added new mitigations that go way beyond the original Cross Site Scripting (XSS) protections of the Anti-XSS Library hence the change in name to the Web Protection Library or WPL. WPL now includes encoding ...
    3 weeks ago
  • Microsoft Anti-XSS Library v3.1 Released


    cyphersec (Authority: 103)
    The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1. How does a cross-site scripting (XSS) vulnerability occur? An example is when a web application does not encode the output that is sent to the browser, this can make the ...
    3 weeks ago
  • Court Limits Confidentiality in Civil Litigation


    Information Security Resources (Authority: 473)
    By John Watkins, Attorney with Chorey, Taylor & Feil The Hon. Owen Forrester, Senior Judge of the United States District Court for the Northern District of Georgia, recently announced a new case management procedure that will limit the parties from consenting to blanket protective orders to protect the ...
    3 weeks ago
  • Liberté, Accessibilité and Securité – that was Paris Web 2009


    Wait till I come! (Authority: 521)
    Last week I went to Paris, France to speak at a Yahoo Developer Network event and Paris Web. Paris Web is a web development, design and accessibility conference that runs for the fourth year (I think) and I’ve been speaking there for the third time. My presentation – basic housekeeping Originally I planned to ...
    3 weeks ago
  • Syntax support for HTML Encoding in ASP.NET 4


    Kirk Jackson's Page of Words
    To prevent cross-site scripting, it's important to encode data before outputting it. Up until now, it has been quite hard to ensure you're encoding everywhere throughout your app. It's great to see the new syntax in ASP.NET 4 to automatically encode: First Name: : Model.FirstName ...
    4 weeks ago
  • Announcing the Web Application Security Scanner Evaluation Criteria v1


    CGISecurity - Website and Application Security News (Authority: 113)
    "The Web Application Security Consortium is pleased to announce the release of version 1 of the Web Application Security Scanner Evaluation Criteria (WASSEC). The goal of the WASSEC project is to create a vendor-neutral document to help guide information security professionals during web application scanner ...
    4 weeks ago
  • Double Shot #557


    A Fresh Cup (Authority: 527)
    Some mornings it’s tough to get out of bed. We Just Undid Three Months of Dev work. Here’s What We Learned – Good writeup from the Scout team of what was behind some of their recent changes. Part of being smart is knowing when to give up on a feature. Ruby DSL Trick With the Hash – Cute little bit ...
    4 weeks ago
  • Social Media Policies for Business Part II


    Information Security Resources (Authority: 473)
    By Tom McLain, Attorney with Chorey, Taylor & Feil For companies, the fundamental problem with social media and social networking is that employees use them to manage not only their professional relationships, but also their personal relationships. While this dual purpose component of social ...
    5 weeks ago
  • Firefox 3.7 with improved content security features


    D' Technology Weblog (Authority: 529)
    Firefox 3.7 "Minefield" is capable of restricting certain classes of embedded code from execution, and Web sites can advertise to browsers in advance which classes of code its pages contain. The end result, the developers of Mozilla's Content Security Policy (CSP) hope, is that policy-enhanced browsers will be ...
    5 weeks ago
