Tag Search Results For 'xss' (67)
Poorly Coded web-sites more vulnerable to get Hacked.
Web Hosting Blog | October 9th 2008 by bobmicfo
Web-sites are vulnerable due to poor coding by the web designers. These are very old mistakes that the designers tend to neglect, allowing nasty hackers to hijack web-site visitors to their sites. According to researchers, many websites have loo read more
Methods of bypassing httpOnly
Raz0r.name - web-security blog | October 7th 2008 by Paul Culshaw
httpOnly is an additional flag for the Set-Cookie HTTP header that forbids reading/writing cookie data via JavaScript, hence the … read more
Xsstc: Cross-site scripting through CSS
Blog For Malaysian Hacker | September 24th 2008 by saiful faizan
Generally speaking, the browser is sandboxed by the same-origin policy, and mashups that want to incorporate data from external sites, even if those sites are cooperating, need to provide server-side proxies. There are a couple of popular workarounds read more
Protection against CSRF
Raz0r.name - web-security blog | September 20th 2008 by Paul Culshaw
CSRF is one of the most common vulnerabilities in modern web applications. This is due to developers underestimating the … read more
Sanitizing user data: How and where to do it
Diovo Technology Blog | September 10th 2008 by Niyaz PK
User data can be dangerous. Whatever the user supplies as data, especially in a web application, cannot be assumed to be safe. On the contrary, there are many malicious users who try to exploit every security vulnerability in your application. XSS, C read more
Using CodeIgniter to build Web 2.0 Apps Part One: Security
SEO Marketing Zone | September 10th 2008 by Assaf B
CodeIgniter is a wonderful PHP framework that takes most of the hard work out of building a Web 2.0 application. It allows you to use one of 7 database engines, has built in support for SEO/SEF urls and is very small and speedy. … read more
Cross-site scripting technique
Devjoker 3.0 | September 5th 2008 by Rocco Verrastro
Using this technique, a hacker could execute portions of code in client-side scripting languages, such as JavaScript, in order to steal cookies or other sensitive data. Cross-site scripting is not at all complex to carry out: it is enough to … read more
What is CSRF? Understanding its logic
Alemin_Kralindan düşünen insanlara... al3m.blogspot.com | August 31st 2008 by murat tarhan
I don't want to write this post at great length and confuse you, so I'll explain it briefly. Now, our crazy_king has made a domain script. Yes, we logged in, bought a domain, and now we are in the domain panel. if(!giris_yapılmistir()) { exit; } Now … read more
JS Judo + XSS + CSRF = Pwnage
Insane Security | August 4th 2008 by in the spine
…an excellent breeding environment for an XSS worm… What is an XSS worm? Wikipedia An XSS Worm, also known as a cross site scripting virus[1], is a malicious (or sometimes non-malicious) payload that propagates among visitors of a websi read more
Site Security Policy: a new word in web secur…
Raz0r.name - web-security blog | July 30th 2008 by Paul Culshaw
Not long ago, a member of Mozilla's security team, namely Brandon Sterne, announced the start of development of a special … read more
Internet Explorer 8.0 to include lot of security features
L . i . n . k . e . r | July 28th 2008 by Premnath Sah
Microsoft is planning to include a lot of new security features in Internet Explorer beta 2, which is going to be released this August. Some of the new features include: cross-site scripting filter; better protection against phishing attacks; some chang read more
Django 1.0 alpha released
Brajeshwar | July 22nd 2008 by Brajeshwar
Django 1.0 Alpha is the first in a series of preview/development releases leading up to the eventual release of Django 1.0, currently scheduled to take place in early September 2008. read more
XdSS - cross domain site scripting
Insane Security | July 17th 2008 by in the spine
Now available in local stores near you… I’m kinda 3 days off, but just today took the time to take a look on the feeds I follow, and came across this interesting article back at F-Secure’s blog -> Internet Explorer 6 Cross-Domai read more
Enigma?
Insane Security | July 17th 2008 by in the spine
Now this may be interesting… Should you write your own code? … or… Download already available code?… this is a question that’s been bothering me for a while, as I think will bother others from now on (maybe)… IR read more
WebGoat - cause everyone else is doing it!
Insane Security | July 15th 2008 by in the spine
The unzip and run insecure J2EE web application… at least under windows… WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstra read more
XSS via DOM
Raz0r.name - web-security blog | July 11th 2008 by Paul Culshaw
Everyone knows two types of XSS: passive XSS (reflected, or Type 1 XSS), where the submitted data is reflected in the page's HTML code only for a particular … read more
Google's Open Source Security Audit Tool
Realtime Messaging and Web Security | July 8th 2008 by Realtime Publishers
Google has placed Ratproxy, a passive security audit tool, into open source read more
XSS-Filter for Internet Explorer 8
Logging The Cyber World - Logging the events and activities… | July 8th 2008 by Xyber
For more details about this new XSS Filter for Internet Explorer 8, read here (XSSFilter in IE8.0) read more
NoScript: powerful XSS protection for Firefox
Raz0r.name - web-security blog | July 5th 2008 by Paul Culshaw
While new XSS filters are only expected in Internet Explorer, Firefox users have for more than a year been able to effectively protect themselves from … read more
A small glossary
En PC & Nätverksteknikers tankar | July 4th 2008 by Robert Johansson
Cross-site scripting, XSS, is a computer-related security problem. It is often about stealing information that would otherwise not be displayed, or ruining a web page's appearance. XSS can also be used to "trick" one's way to information. For example … read more
RatProxy - Web Application Audit Tool From Google
VT's Tech Blog | July 4th 2008 by Vinu Thomas
After HP & Microsoft’s security tool, Google’s gotten onto distributing a Security Audit tool. Here’s Ratproxy which is a passive web security audit tool based on the observation of existing, user-initiated traffic in complex w read more
Facebook is vulnerable to XSS
En PC & Nätverksteknikers tankar | July 3rd 2008 by Robert Johansson
Jouko Pynnonen has published details of several cross-site scripting vulnerabilities in Facebook. This type of vulnerability is common but becomes serious when it is found on sites as heavily trafficked as Facebook. Cross-site scripting, XSS, … read more
Security in Internet Explorer 8
Raz0r.name - web-security blog | July 3rd 2008 by Paul Culshaw
Yesterday the official Microsoft Internet Explorer blog published information about new measures aimed at improving the security of … read more
Why you should validate all form fields
Diovo Technology Blog | July 2nd 2008 by Niyaz PK
Cross-site scripting (XSS) and SQL injection attacks are real and growing threats in the web. Malicious users try to exploit any kind of security vulnerability they find in web applications. That is the reason why every single input field in your web read more
Multiple vulnerabilities in the Tomcat 4.0 web server
En PC & Nätverksteknikers tankar | July 1st 2008 by Robert Johansson
A number of security flaws have been discovered in the Tomcat 4.0 web server that ships with Sun Solaris 9 and 10. The vulnerabilities can be exploited for, among other things: denial-of-service attacks (DoS), cross-site scripting (XSS), execution of arbitrary web script read more
myblog-sql.txt
MySQL Security | June 23rd 2008 by T. Zane
MyBlog: PHP and MySQL Blog/CMS software suffers from SQL injection and cross site scripting vulnerabilities. read more
Secure Development - preventing Cross Site Scripting
Security Ninja | June 16th 2008 by David Rook
Hi everyone, I have included a Google Docs reader below for a paper I have written on Cross Site Scripting. The paper discusses the three types of Cross Site Scripting attacks as well as code examples and the associated fix. The paper can be viewed he read more
XSS in the New WordPress.com Dashboard
Red Skull 92 Official Site | May 30th 2008 by Red Skull 92
Unfixed bug in WordPress.com read more
Apple.com XSS
PhishMe | May 23rd 2008 by phishme
A few weeks ago I was looking into writing an application for my iPhone. At some point, I felt compelled to actually give it a shot, and I headed over to Apple’s web site to download XCode and whatever other tools I needed. Of course, I couldn& read more
Do you believe in ghosts?
Raz0r.name - web-security blog | May 22nd 2008 by Paul Culshaw
A rather curious post recently appeared on GNUCITIZEN. It describes a new way of tracking users, with the help of which … read more
