ZDNet Dictionary Definition
- XSS
- (Cross-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a...
ZDNet Resources
- phpMyAdmin Plugs SQL Injection, XSS Flaws
- More secure than Windows solutions... You can put a Linux distro facing the public Internet however you cannot put a Windows Server on the public Internet...
- Tags: Microsoft Windows, SECURITY, XSS, SQL injection, SQL
- Discussion threads 2009-10-16
- phpMyAdmin Plugs SQL Injection, XSS Flaws
- A new version of phpMyAdmin has been released to plug two serious security holes that could lead to SQL injection and cross-site scripting attacks. by Ryan Naraine
- Tags: Flaw, XSS, SQL, SQL Injection, Security, Ryan Naraine
- Blog posts 2009-10-16
- Adobe plugs critical ColdFusion, JRun vulnerabilities
- Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead...
- Tags: Adobe Systems Inc., Macromedia JRun, Allaire ColdFusion, Vulnerability, XSS, Cross-site Scripting Vulnerability, Development Tools, Software Development, Software/Web Development, Ryan Naraine
- Blog posts 2009-08-18
- Safari 4.0.2 patches two security vulnerabilities
- Apple yesterday released Safari 4.0.2 via Software Update and recommends the update for users on all platforms. According to Apple's typically vague "release notes" the 40.2MB update improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes. According...
- Tags: Web, Apple Safari, Knowledgebase, XSS, Patch Management, Web Site, Security Fix, Web Site Development, Security, Internet, Jason D. O'Grady
- Blog posts 2009-07-08
- Apple plugs dangerous Safari security holes
- Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows XP and Vista and Mac OS X. Here are the raw details: ...
- Tags: Apple Safari, XSS, Apple Inc., Safari 4.0.2, Security, Ryan Naraine
- Blog posts 2009-07-08
- Mozilla tackles XSS vulnerabilities with new technology
- sounds kinda like SPF, but for JavaScript. Very cool! On another note, any ideas why Firefox doesn't take advantage of the Sandbox framework provided by Vista? Is it because of Vista's market share, to ease cross platform porting, or something else? It's JavaScript not Java Script. Some purists might...
- Tags: Scripting languages, Web browsers, JavaScript, XSS Vulnerability, XSS, Mozilla Corp.
- Discussion threads 2009-06-22
- Mozilla tackles XSS vulnerabilities with new technology
- Mozilla's security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers. The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for...
- Tags: Vulnerability, XSS, Web Browser, Mozilla Corp., Web Browsers, Internet, Ryan Naraine
- Blog posts 2009-06-22
- StrongWebmail CEO's mail account hacked via XSS
- XSS is one way to do it. But the telephone authentication is still a flawed 2-factor authentication method. Well, I was really hoping I'd get to it before Lance did, my hat's off to you brother. I would have just attacked it from the phone...
- Tags: Telecom & Utilities, phone, XSS, StrongWebMail
- Discussion threads 2009-06-04
- StrongWebmail CEO's mail account hacked via XSS
- A Webmail service that touts itself as hack-proof and offered $10,000 to anyone who could break into the CEO's e-mail has lost the challenge. A trio of hackers successfully compromised the e-mail using a persistent cross-site scripting (XSS) vulnerability and are now claiming the bounty. ...
- Tags: XSS, CEO, E-mail, Online Communications, Ryan Naraine
- Blog posts 2009-06-04
- SWAP: Mitigating XSS Attacks Using a Reverse Proxy
- Due to the increasing amount of Web sites offering features to contribute rich content, and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, miscreants can hijack Web sessions, and craft credible...
- Tags: XSS, Attack
- White papers 2009-05-13
- Five 'must-secure' Web app vulnerabilities
- Security holes in the Apache Geronimo Application Server and SAP cFolders headline a list of five serious Web app vulnerabilities that demand immediate attention. According to Mark Painter from the HP Security Laboratory, the Geronimo flaws expose users to a variety of attack vectors that could lead...
- Tags: Novell Inc., Apache Geronimo, Attacker, Vulnerability, XSS, Web Application, SAP AG, Attack, Authentication Credential, SAP cFolders, CS Whois Lookup, Security, Ryan Naraine
- Blog posts 2009-04-29
- Twitter worm author gets a job at exqSoft Solutions
- UPDATE: Mikeyy Mooney of Stalk Daily gets Hacked. Here's more info. Now that was so fast that even Owen Thor Walker (AKILL) and Michael Calce (Mafiaboy) should envy the short cybercrime-to-job offer cycle here. 17-year-old Mikeyy Mooney, the author/spreader of the StalkDaily/Mikeyy XSS worm that exploited...
- Tags: Job, Web, XSS, Web Application, Worm, Twitter, Cloud Computing, Cyberthreats, Channel Management, Security, Viruses And Worms, Marketing, Dancho Danchev
- Blog posts 2009-04-17
- Twitter hit by multiple variants of XSS worm
- You're behind the times... This has already hit the /. community two days ago and most of the talk has been the usual "tar & feather" kind for the 17 year old that had created this particular worm. Especially given that at least...
- Tags: Cyberthreats, Viruses and worms, SECURITY, worm, XSS worm, multiple variant, XSS, Twitter
- Discussion threads 2009-04-14
- Twitter hit by multiple variants of XSS worm
- During the weekend and early Monday, at least four separate variants of the original StalkDaily.com XSS worm hit the popular micro-blogging site Twitter, automatically hijacking accounts and advertising the author's web site by posting tweets on behalf of the account holders, by exploiting cross site scripting flaws at the site....
- Tags: Flaw, XSS, Worm, Twitter, www.StalkDaily.com, Mikeyy XSS, Cyberthreats, Viruses And Worms, Security, Dancho Danchev
- Blog posts 2009-04-14
- Google downplays severity of Gmail CSRF flaw
- Yesterday, Vicente Aguilera Diaz from Internet Security Auditors released proof of concept of a CSRF (Cross-Site Request Forgery) vulnerability in Google's Gmail, which he originally communicated to Google two years ago. The CSRF flaw affects Gmail's "Change Password" function, since according to Diaz the session cookie is automatically sent by...
- Tags: Google Inc., Google Gmail, Password, Flaw, Vulnerability, XSS, CSRF Flaw, E-mail Providers, Cloud Computing, Security, Internet, Dancho Danchev
- Blog posts 2009-03-04
- URL rewriting can help thwart Web app attacks
- A Microsoft Web application security specialist is suggesting an offbeat defense-in-depth strategy to protect Web sites and applications from cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks. According to Bryan Sullivan, security program manager for Redmond's Security Development Lifecycle team, Web developers should consider URL Rewriting...
- Tags: Hyperlink, Attacker, Vulnerability, XSS, Web Application, Attack, Microsoft Web Application Security Specialist, Bryan Sullivan, E-mail, Security, Online Communications, Ryan Naraine
- Blog posts 2009-02-27
- Flaw exposes Chrome, Firefox to clickjacking
- Stonewalling over IE??? How about the flaw in IE 6? IE 7?? After all, most users would be on one of those...not IE 8. LOVE how the headline leaves IE out and focuses on Chrome and Firefox. Whoa! Microsoft actually on top of security issues...
- Tags: Web browsers, Spyware, adware & malware, Cyberthreats, SECURITY, Viruses and worms, Anti-spyware tool, NoScript, Microsoft Internet Explorer, malware, Mozilla Firefox, Web browser
- Discussion threads 2009-01-29
- First look - Internet Explorer 8 RC1
- Yesterday Microsoft made available Internet Explorer 8 RC1 (release candidate 1), which means that as far as Microsoft is concerned, IE8 is cooked and that barring anything major, this will become the final release. So, what's the new browser like? by Adrian Kingsley-Hughes
- Tags: XSS, Microsoft Internet Explorer, Web Browser, IE8, Web Browsers, Internet, Adrian Kingsley-Hughes
- Blog posts 2009-01-27
- MSDN Webcast: Managing Cross-Site Scripting Using CAT.NET and AntiXSS (Level 200)
- Cross-site scripting attacks are one of the most common attack vectors that plague Web applications. This webcast provides an overview of the tools designed for discovery and mitigation of cross-site scripting vulnerabilities in Microsoft .NET applications. Specifically, it looks at CAT.NET, which is a static code analysis tool developed by...
- Tags: Microsoft Developer Network, Webcast, XSS, Microsoft Corp., Cross-site Scripting Attack
- Webcasts 2009-01-09
- The Perils of Cross-Site Scripting (XSS)
- Cross-site Scripting (XSS) attacks are universally seen as the #1 security vulnerability facing web applications. Don't wait another day to learn how to protect the organization. The presenter of this webcast gives an overview of XSS (techniques, consequences and vulnerabilities) and gives real-world examples and offensive techniques aimed at short circuiting...
- Tags: XSS, Breach Security
- Webcasts 2009-01-01