Evolution of Cross-Site Scripting Attacks
It seems today that Cross-Site Scripting (XSS) holes in popular web applications are being discovered and disclosed at an ever-increasing rate. Just glancing at the Bugtraq security mailing list archives over the first half of 2002 shows countless postings of XSS holes in widely used websites and applications.
This iDEFENSE Labs paper predicts that fully and semi-automated techniques will aggressively begin to emerge for targeting and hijacking web applications using XSS, thus eliminating the need for active human exploitation. Some of these techniques are detailed along with solutions and workarounds for web application developers and users.
(Submitted by LogError Wed May 22, 2002 )
Our content can be syndicated: Main page Mac Page
Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author