XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
The Spanner - XSS Rays
http://www.thespanner.co.uk/2009/03/25/xss-rays/
JavaScript for hackers - Opera Developer Community
Introduction
I love to use JavaScript in unexpected ways, to create code that looks like it shouldn't work but does, or produces some unexpected behavior. This may sound trivial, but the results I've found lead to some very useful techniques. Each of the techniques described can be used for XSS filter evasion, which was my original intention when developing them. However, learning such JavaScript can dramatically increase your knowledge of the language, helping you become better at cleaning up input, and increase web application security. So read on and enjoy my weird and wonderful JavaScript hacks.
RegExp replace can execute code
When using regular expressions with replace the second argument supports a function assignment. In Opera it seems you can use this argument to execute code. For example, check out the code snippet below:
'XSS'.replace(/XSS/g,alert)
This results in alert('XSS'); this works because the match from the RegExp is passed to the alert function as an argument. N
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
XSS (Cross Site Scripting)
Secure Your Forms With Form Keys - Nettuts+
Security is a hot topic. Ensuring that your websites are secure is extremely important for any web application. In fact, I spend 70% of my time securing my
Getting Clean With PHP - Nettuts+
How Twitter was hacked.
10 Essential Firefox Plugins for the Infosec Professional | dmiessler.com
I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.
Use jQuery - Blog - The jQuery Cross-Domain Ajax Guide
normally
Ask SM: PHP/MySQL Security | How-To | Smashing Magazine
Resources that emit JSON arrays risk data theft