The RSS Blog

News and commentary from the cross-platform RSS and OPML community.

Peter Dawson passes along a suite of XSS vulnerability test cases and an OPML file containing RSS for all the test cases.

XSS is Cross Site Scripting. If you don't know how XSS (Cross Site Scripting) works, this page probably won't help you. This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion. This page will also not show you how to mitigate XSS vectors or how to write the actual cookie/credential stealing/replay/session riding portion of the attack. It will simply show the underlying methodology and you can infer the rest. Also, please note my XSS page has been replicated by the OWASP 2.0 Guide in the Appendix section with my permission. However, because this is a living document I suggest you continue to use this site to stay up to date.

More: http://labs.grazr.com/?p=16
