Pages tagged xss:

XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
The Spanner - XSS Rays
http://www.thespanner.co.uk/2009/03/25/xss-rays/

JavaScript for hackers - Opera Developer Community
http://dev.opera.com/articles/view/opera-javascript-for-hackers-1/
Introduction

I love to use JavaScript in unexpected ways, to create code that looks like it shouldn't work but does, or produces some unexpected behavior. This may sound trivial, but the results I've found lead to some very useful techniques. Each of the techniques described can be used for XSS filter evasion, which was my original intention when developing them. However, learning such JavaScript can dramatically increase your knowledge of the language, helping you become better at cleaning up input, and increase web application security. So read on and enjoy my weird and wonderful JavaScript hacks.

RegExp replace can execute code

When using regular expressions with replace, the second argument supports a function assignment. In Opera it seems you can use this argument to execute code. For example, check out the code snippet below:

'XSS'.replace(/XSS/g,alert)

This results in alert('XSS'); this works because the match from the RegExp is passed to the alert function as an argument.
Secure Your Forms With Form Keys - Nettuts+
http://net.tutsplus.com/tutorials/php/secure-your-forms-with-form-keys/
This bookmark was brought from the del.icio.us home.
Security is a hot topic. Ensuring that your websites are secure is extremely important for any web application. In fact, I spend 70% of my time securing my
Getting Clean With PHP - Nettuts+
http://net.tutsplus.com/tutorials/php/getting-clean-with-php/
Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn't store important data on 37signals' applications
http://brian.mastenbrook.net/display/36
How Twitter was hacked.
10 Essential Firefox Plugins for the Infosec Professional | dmiessler.com
http://dmiessler.com/blog/10-essential-firefox-plugins-for-the-infosec-professional
I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.
Use jQuery - Blog - The jQuery Cross-Domain Ajax Guide
http://usejquery.com/posts/9/the-jquery-cross-domain-ajax-guide
normally
Ask SM: PHP/MySQL Security | How-To | Smashing Magazine
http://www.smashingmagazine.com/2009/04/01/ask-sm-phpmysql-security/
Anatomy of a Subtle JSON Vulnerability
http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
Resources that emit JSON arrays risk data theft.