27 June 2011

A nice interactive tutorial to learn how XSS works

Hi folks....

XSS (cross-site scripting) has been all over the security news, and I am sure you've heard at least a bit about it. So you must be curious about how it works... and, more importantly, how to detect and fix such a problem.

I came across this nice tutorial a few days ago. I found it simple, straight to the point and easy to follow... even for someone who is new to the security field but has at least a grasp of the basics of web development. The author is Steve Kemp, and it seems he has some talent regarding security (he has released some advisories).

Follow the links... read through the steps. It starts with a reintroduction to what cookies are and how JavaScript can be used to read such information, continues with a simple introduction to how a public forum text box can be misused to display embedded JavaScript, and finishes with a general recipe for preventing the problem (hint: some scripting modules can "wash out" unexpected characters).

Enjoy ............ :)

regards,

Mulyadi Santosa.
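The forum text box step and the prevention recipe summarised in the post can be seen side by side in the following added example, which is not code from the post or from the tutorial it recommends. The function names and the sample comments are constructed for illustration, and the fix shown is output encoding of the five HTML-significant characters.

```javascript
// Added example: function names and sample comments are hypothetical/constructed.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change the structure of an HTML page.
// A single pass over the input means "&" is never double-encoded.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the submitted values are pasted into the page as-is,
// so any markup inside them becomes part of the page.
function renderCommentUnsafe(author, body) {
  return `<div class="comment" title="${author}">${body}</div>`;
}

// "After": every untrusted value is encoded at the point of output.
// Quotes matter here because `author` lands inside an attribute value.
function renderCommentEscaped(author, body) {
  return `<div class="comment" title="${escapeHtml(author)}">${escapeHtml(body)}</div>`;
}

// Constructed forum submissions: plain text with special characters,
// a name containing quotes, and a comment carrying an embedded script tag.
const samples = [
  { author: "alice", body: "I agree, 2 < 3 & 3 > 2" },
  { author: 'bob "the builder"', body: "hello" },
  { author: "carol", body: "<script>alert(1)</script>" },
];

for (const s of samples) {
  console.log("unsafe :", renderCommentUnsafe(s.author, s.body));
  console.log("escaped:", renderCommentEscaped(s.author, s.body));
}
```

In the escaped output the script tag arrives in the browser as visible text rather than as an element, and the quoted name stays inside the `title` attribute.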
