Hi folks....
XSS (cross-site scripting) has been all over the security news, and I am sure you've heard at least a bit about it. So you must be curious about how it works and, more importantly, how to detect and fix such a problem.
I came across this nice tutorial a few days ago. I found it simple, straight to the point and easy to follow, even for someone new to the security field who at least has some grounding in web development. The author is Steve Kemp, and it seems he has some talent in security (he has released some advisories).
Follow the links and read through the steps. It starts with a reintroduction of what cookies are and how JavaScript can be used to read such info, then gives a simple intro to a public forum text box that can be misused to display embedded JavaScript, and finishes with a general recipe for preventing the problem (hint: some scripting modules can "wash out" unexpected characters).
Enjoy ............ :)
regards,
Mulyadi Santosa.
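The "wash out unexpected characters" recipe mentioned above, sketched as an added example (it is not code from the linked tutorial or from this post): a forum post rendered as-is next to the same post HTML-encoded at output time. The function names and the sample post are hypothetical and constructed for illustration.

```javascript
// Added example: encode user-supplied forum text before it is written
// into a page. All names here are hypothetical, not from the tutorial.

const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Replace every character that has special meaning in HTML text or in
// quoted attribute values with its entity, so the browser shows it
// as text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before: user text is pasted into the page unchanged, so any markup in
// a post is interpreted by the browser of every visitor who views it.
function renderPostUnsafe(author, body) {
  return `<div class="post"><b>${author}</b>: ${body}</div>`;
}

// After: both user-controlled fields are encoded when the page is built.
function renderPostSafe(author, body) {
  return `<div class="post"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed sample post containing embedded JavaScript.
const samplePost = {
  author: 'guest',
  body: 'Nice site! <script>alert(document.cookie)</script>',
};

// Render the same post both ways so the difference can be compared.
function demo() {
  return {
    unsafe: renderPostUnsafe(samplePost.author, samplePost.body),
    safe: renderPostSafe(samplePost.author, samplePost.body),
  };
}

const result = demo();
console.log('unsafe:', result.unsafe);
console.log('safe:  ', result.safe);
```

This encoding is only correct for text placed in HTML element content or quoted attribute values; data written into a script block, a URL or a style needs the encoding for that context instead.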