The site we use for our paper (http://www.spidynamics.com/mktg/xss/) is online at http://endo.webappsecurity.com/ Feel free to use it to educate people about XSS... As the Unix Terrorist stated so succinctly at Defcon, "Cross-site scripting is an issue that affects us all." Kevin Spett SPI Labs http://www.spidynamics.com/ ----- Original Message ----- From: "Jeremy Junginger" <jjat_private> To: "pen-test" <pen-testat_private> Sent: Monday, January 06, 2003 12:00 PM Subject: XSS LAB DEMO IDEAS After reading the papers by iDefense and the paper at http://www.technicalinfo.net/papers/CSS.html , I would like to put a working example together to familiarize our web developers with XSS vulnerabilities and their impact on the web site (and business). I would like to poll the group for interesting ways to demonstrate these vulnerabilities in a lab environment. Thanks for taking the time to give your input. -Jeremy ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 19:47:11 PST