Sponsored results
Links
- 'Cross-site scripting' tears holes in Net security
USA Today article by Byron Acohido that details WhiteHat Security's assesment of Hotmail, Yahoo, Amazon, and America Online. (August 30, 2001)
http://www.usatoday.com/tech/news/2001-08-31-hotmail-security-side.htm
- CNN.com: Schwab's Site Could be Vulnerable
Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September. (December 8, 2000)
http://www.cnn.com/2000/TECH/computing/12/08/schwab.cost.idg/
- CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC). (February 2, 2000)
http://www.cert.org/advisories/CA-2000-02.html
- perl.com: Preventing Cross-site Scripting Attacks
Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest. (February 20, 2002)
http://www.perl.com/pub/a/2002/02/20/css.html
- InfoWorld Opinions: Cross-site Scripting
Article on this often overlooked threat with links. (May 6, 2002)
http://www.infoworld.com/article/02/05/03/020506opsecurity_1.html
- Bypassing Javascript Filters - The Flash Attack
Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.
http://eyeonsecurity.org/papers/flash-xss-description.htm
- CERT/CC: How To Remove Meta-characters From User-Supplied Data In CGI Scripts
Examples in C and Perl.
http://www.cert.org/tech_tips/cgi_metacharacters.html
- Cross Site Scripting Vulnerabilities
Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
http://www.devitry.com/security.html
- Apache: Cross Site Scripting Info
How the attack affects websites hosted on the Apache webserver and Apache specific issues.
http://httpd.apache.org/info/css-security/
The Computer Science Directory currently has categories, which include links along with indexed pages.