The Cross Site Scripting FAQ
Answers questions on identification, threats, and prevention. Provides examples and links.
Apache: Cross Site Scripting Info
How the attack affects websites hosted on the Apache webserver and Apache specific issues.
CERT/CC: How To Remove Meta-characters From User-Supplied Data In CGI Scripts
Examples in C and Perl.
Cross Site Scripting Vulnerabilities
Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
iDefense iALERT White Paper: Evolution of Cross-Site Scripting Attacks
Predicts semi-automated techniques will aggressively begin to emerge for targeting and hijacking web applications.
Information on Cross-Site Scripting Security Vulnerability
Microsoft Technet provides a FAQ, overview of the threats posed by XSS, and suggestions for how their customers can protect themselves.
InfoWorld Opinions: Cross-site Scripting
Article on this often overlooked threat with links. (May 6, 2002)
perl.com: Preventing Cross-site Scripting Attacks
Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest. (February 20, 2002)
'Cross-site scripting' tears holes in Net security
USA Today article by Byron Acohido that details WhiteHat Security's assesment of Hotmail, Yahoo, Amazon, and America Online. (August 30, 2001)
CNN.com: Schwab's Site Could be Vulnerable
Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September. (December 8, 2000)
Microsoft Security Bulletin (MS00-060)
Patch available for 'IIS Cross-Site Scripting' vulnerabilities. (August 25, 2000)
CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC). (February 2, 2000)
The Cross Site Scripting FAQ
Answers questions on identification, threats, and prevention. Provides examples and links.
Apache: Cross Site Scripting Info
How the attack affects websites hosted on the Apache webserver and Apache specific issues.
CERT/CC: How To Remove Meta-characters From User-Supplied Data In CGI Scripts
Examples in C and Perl.
Cross Site Scripting Vulnerabilities
Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
iDefense iALERT White Paper: Evolution of Cross-Site Scripting Attacks
Predicts semi-automated techniques will aggressively begin to emerge for targeting and hijacking web applications.
Information on Cross-Site Scripting Security Vulnerability
Microsoft Technet provides a FAQ, overview of the threats posed by XSS, and suggestions for how their customers can protect themselves.
InfoWorld Opinions: Cross-site Scripting
Article on this often overlooked threat with links. (May 6, 2002)
perl.com: Preventing Cross-site Scripting Attacks
Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest. (February 20, 2002)
Results: 1 2 3 Next
Site
Menu 
