> Great ! This article is a very good explanation of how to > set-up an attack against web apps by using XSS. Thanks :-) It was inspired in part by the fact that so many users, but more important vendors, don't seems to have a clear grasp of what XSS is and how it affects their sites. >However, it is not really a "prediction" of a new type of attack: >several people (including me ;) have pointed out in the past on this mailing-list that I agree, I tried to make that subtle distinction in the paper but perhaps it didn't come across: I wasn't trying to predict automated XSS attacks (which have been demonstrated before by others including you), but instead predict it would start happening more and more. The main point was to grab people's attention to increase awareness ahead of time. -dave
This archive was generated by hypermail 2b30 : Mon May 20 2002 - 18:08:23 PDT