xss

Welcome to the 'xss' tag page at Technorati. This page features content from the farthest reaches of the Blogosphere that authors have "tagged" with 'xss'.

Latest blogosphere posts tagged “xss”

  • High Ranking Websites Spread Malware Through Cross-Site Scripting Vulnerabilities


    CyberInsecure.com (Authority: 128)
    Malware purveyors are exploiting web vulnerabilities in appleinsider.com, lawyer.com, news.com.au and a dozen other sites to foist rogue anti-virus on unsuspecting netizens. The ongoing attacks are notable because they use exploits based on XSS, or cross-site scripting, to hide malware links inside the URLs of trusted ...
    2 days ago
  • Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET


    Darknet - The Darkside (Authority: 456)
    CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within ...
    4 days ago
  • Experimenting With WASC Threat Classification Views: Vulnerability Root Cause Mapping


    CGISecurity - Website and Application Security News (Authority: 114)
    I currently lead the WASC Threat Classification Project and we're expecting to publish our latest version next month. One of the biggest changes between the TCv2 and TCv1 is that we're doing away with single ways to represent the data. In the TCv1 we had a single tree structure to convey appsec...
    4 days ago
  • XSS Attack your database to detect missing Output Encoding


    parallelthinking (Authority: 439)
    Cross Site Scripting (XSS) Attacks must be one of the most popular type of attacks of websites these days with maybe only SQL Injection attacks getting more attention than that. XSS Attacks: The concept is quite simple for Persistent Attacks. User A attacks a website and via some vulnerability, it manages to push an ...
    1 week ago
  • HTML5 new XSS vectors


    The Spanner (Authority: 402)
    So I posted some new XSS vectors on twitter and I thought I’d share them on the blog in case anyone missed them. Safari, Chrome and Opera all support these now. We have a brand new way of auto executing XSS. Normally when you find a XSS hole within a input element that has filtered you can’t exploit it ...
    1 week ago
  • WP-Cumulus for WordPress – XSS, FPD


    Microsoft Patch Watch (Authority: 157)
    Topic: WP-Cumulus for WordPress - XSS, FPD; CVE: CVE-2009-4168, CVE-2009-4170; CWE: CWE-79, CWE-200; SecurityRisk: Medium ...
    2 weeks ago
  • Safer Online Shopping with Internet Explorer 8


    Technology Info (Authority: 450)
    Yesterday was what is known as “Cyber Monday,” which is the first Monday after Black Friday every year and is one of the top online shopping days here in the United States. Cyber Monday is when people move to the Web to make purchases they missed in stores during Black Friday. And many online retailers ...
    2 weeks ago
  • Internet Explorer 8 delivered over 275 Million malware blocks


    D' Technology Weblog (Authority: 545)
    There’re 3 major threats people shopping online should be aware of: Malware, Cross-site Scripting (XSS), and ClickJacking. “Internet Explorer 8 protects against each of these threats via SmartScreen. To date, IE8 has delivered over 275 Million malware blocks. And as of Sep., IE8 is blocking 1 in every 200 ...
    2 weeks ago
  • REI: vulnerability remediation done wrong


    HolisticInfoSec.org (Authority: 109)
    Part 2 of 2 of Vulnerability remediation done * It makes me sad to use REI as another example of the wrong way to manage vulnerability disclosure; I am a member who is fond of their stores and products. I will not name names or blather on about negligence. Rather, I will let the facts simply speak for ...
    2 weeks ago
  • Pligg pluggs holes: vulnerability remediation done right


    HolisticInfoSec.org (Authority: 109)
    Part 1 of 2 of Vulnerability remediation done * Often, when I disclose web application vulnerabilities to Secunia, who in turn works with vendors to drive mitigation and remediation, we are met with vendors who don't reply, don't care, or don't fix. Yet, once in a rare while a vendor chooses the righteous ...
    2 weeks ago
  • Trade Secrets and Confidential Information


    Information Security Resources (Authority: 471)
    By John Watkins, Attorney with Chorey, Taylor & Feil. We have addressed the importance of trade secrets and confidential information previously on this blog and in our series of podcasts. We have discussed huge jury verdicts that have recently come down against companies found to have violated ...
    2 weeks ago
  • Fun with fake Flash: an Abode update you don't want


    HolisticInfoSec.org (Authority: 109)
    Jericho of Attrition.org (support the Open Security Foundation!) recently asked the VIM mailing list a question: Adobe Flash - vuln or just "design"? The question, inspired by Mike Bailey's work for Foreground Security, leads to healthy debate, including press and vendor response. But, ironically the same day ...
    3 weeks ago
  • Writing Secure WordPress Plugins talk by Mark Jaquith


    Infinite Pig Theorem (Authority: 106)
    Continuing my notes and remarks from WordCamp, I attended Writing Secure Plugins, which was given by Mark Jaquith (@markjaquith on Twitter). I found the talk to be also slightly introductory on security matters but nicely oriented to WordPress plugins and general PHP Web app development. I believe most of ...
    3 weeks ago
  • Facebook Hit With A New Clickjacking Worm


    CyberInsecure.com (Authority: 128)
    The attack began when a victim encountered the image of the near-naked woman on a friend’s profile page along with the words “Want 2 C something hot? Click da button, baby!” Facebookers who took the bait - and were logged in to their accounts at the time - found their profile pages were updated to [...]
    3 weeks ago
  • Wanna C Somthin HOT!?? Click Da Button, Baby!


    Computerworld Blogs (Authority: 145)
    A new Facebook clickjacking worm is doing the rounds. And this one's fiendishly clever. In IT Blogwatch, bloggers are wary of Greeks bearing gifts.
    3 weeks ago
  • Twitter misidentifying context


    The Spanner (Authority: 402)
    This is an important post for me, not because it’s ground breaking but people don’t seem to get this when using data in certain context. If you are a dev please read this and read it until you understand it because if you misidentify context you fail and you fail pretty badly. I reported this to twitter about two ...
    3 weeks ago
  • Bypassing CSP for fun, no profit


    The Spanner (Authority: 402)
    I had fun at Confidence 2.0 CON, I’m gonna blog about the stuff I was holding back now. So I figured how to bypass CSP with UTF-7 and JSON. Basically any site with a JSON feed that can be manipulated by an attacker (reflective or persistent) can be injected with even in a correctly escaped JSON feed. Utf-7 can be ...
    3 weeks ago
  • Major IE8 flaw makes safe sites unsafe


    Simon Willison's Weblog (Authority: 619)
    Major IE8 flaw makes ‘safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can ...
    3 weeks ago
  • Intert Security News: Week in Review


    HomeATM (Authority: 150)
    Internet Security News: Week in Review EU security agency highlights cloud computing risks (from NetworkWorld at 21-11-2009) Cloud computing users face problems including loss of control over data, difficulties proving compliance, and additional legal risks as data moves from ...
    3 weeks ago
  • The Value of Self-Serving Code - Elizabeth Naramore


    Computer & Internet - computer-internet.marc8.com (Authority: 165)
    It's Friday night. I'm writing code. Not good code, mind you. Crappy code. Completely self-serving code that serves only one purpose: to solve a problem I alone have. No one else will see this code. No one else will use this mini-app. I'm writing it for myself and myself alone.
    3 weeks ago
