Re: XSS LAB DEMO IDEAS

From: Kevin Spett (kspett@spidynamics.com)
Date: 01/06/03

Next message: Fernando Martins: "common criteria draft"

Previous message: Mark Curphey: "Re: XSS LAB DEMO IDEAS"
In reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: XSS LAB DEMO IDEAS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Kevin Spett" <kspett@spidynamics.com>
To: "Jeremy Junginger" <jj@act.com>, "pen-test" <pen-test@securityfocus.com>
Date: Mon, 6 Jan 2003 14:57:23 -0500

The site we use for our paper (http://www.spidynamics.com/mktg/xss/) is
online at http://endo.webappsecurity.com/ Feel free to use it to educate
people about XSS... As the Unix Terrorist stated so succinctly at Defcon,
"Cross-site scripting is an issue that affects us all."

Kevin Spett
SPI Labs
http://www.spidynamics.com/

----- Original Message -----
From: "Jeremy Junginger" <jj@act.com>
To: "pen-test" <pen-test@securityfocus.com>
Sent: Monday, January 06, 2003 12:00 PM
Subject: XSS LAB DEMO IDEAS

After reading the papers by iDefense and the paper at
http://www.technicalinfo.net/papers/CSS.html , I would like to put a
working example together to familiarize our web developers with XSS
vulnerabilities and their impact on the web site (and business). I
would like to poll the group for interesting ways to demonstrate these
vulnerabilities in a lab environment. Thanks for taking the time to
give your input.

-Jeremy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Fernando Martins: "common criteria draft"
Previous message: Mark Curphey: "Re: XSS LAB DEMO IDEAS"
In reply to: Jeremy Junginger: "XSS LAB DEMO IDEAS"
Next in thread: Dawes, Rogan (ZA - Johannesburg): "RE: XSS LAB DEMO IDEAS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Cross Site Scripting Vulnerabilities - XSS
... > I am kinda new to XSS, but am intrigued by how it works. ... >> these vulnerabilities that they are happy to ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: Cross Site Scripting Vulnerabilities - XSS
... Cross Site Scripting Vulnerabilities - XSS ... >>> This list is provided by the SecurityFocus Security Intelligence ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
RE: Cross Site Scripting Vulnerabilities - XSS
... Cross Site Scripting Vulnerabilities - XSS ... >> This list is provided by the SecurityFocus Security Intelligence ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: Cross Site Scripting Vulnerabilities - XSS
... Cross Site Scripting Vulnerabilities - XSS ... >> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: faster scans? (nmap)
... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)