Re: Cross Site Scripting Vulnerabilities - XSS

• Previous message: Moser Max: "Requesting comments for a new wireless software project"
• In reply to: Jason binger: "Cross Site Scripting Vulnerabilities - XSS"
• Next in thread: Bill Pennington: "Re: Cross Site Scripting Vulnerabilities - XSS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 6 Aug 2002 08:02:08 -0700
From: Chad Loder <cloder@acm.org>
To: Jason binger <cisspstudy@yahoo.com>

Hi Jason,

I'm not sure if you're interested in commercial tools
or not, but Rapid 7's vulnerability scanner NeXpose
will spider an entire website and test each field of
each form it encounters for vulnerability to cross
site scripting.

You can download an eval copy from www.rapid7.com.

Yours,
        Chad Loder
        Rapid 7, Inc.

* Jason binger <cisspstudy@yahoo.com> [020806 07:35]:
> Has anyone on the list done much with testing for XSS
> vulnerabilities?
>
> Has anyone written a simple work program to test for
> these vulnerabilities that they are happy to
> distribute so others can do basic testing for these
> vulnerabilities?
>
> There a few papers out on this topic, but none that I
> hve seen that really focus on the testing side of
> things.
>
> Thanks
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - Feel better, live better
> http://health.yahoo.com
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Moser Max: "Requesting comments for a new wireless software project"
• In reply to: Jason binger: "Cross Site Scripting Vulnerabilities - XSS"
• Next in thread: Bill Pennington: "Re: Cross Site Scripting Vulnerabilities - XSS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Cross Site Scripting Vulnerabilities - XSS ... Cross Site Scripting Vulnerabilities - XSS ... >>> This list is provided by the SecurityFocus Security Intelligence ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Re:One Big Review, One Small Script? ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... >automatically alerts you to the latest security vulnerabilities please see: ... (Pen-Test) Re: Scanners and unpublished vulnerabilities - Full Disclosure ... AH> vulnerabilities they have notified vendors about. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) MDAC/ IIS / Shell Code Goodies ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... automatically alerts you to the latest security vulnerabilities please see: ... (Pen-Test) RE: Vulnebrability level definition ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... automatically alerts you to the latest security vulnerabilities please see: ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint