SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict
    Join Date
    May 2003
    Location
    nyc
    Posts
    363
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    XSS Vulnerability

    Hello All,

    How do you check a site for XSS Vulnerability? What is XSS about?

    I tried searching the forums but could not find the answer to these.

    James

  2. #2
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This has some information on XSS:

    http://brainbulb.com/talks/php-security-briefing.pdf

    It's painfully easy to prevent, especially since PHP provides a good escaping function for HTML - htmlentities(). XSS vulnerabilities exist when you send tainted data to the client. This situation exists when you fail to filter input and also fail to escape output. Don't do that, and you'll be fine. :-)
    Chris Shiflett
    http://shiflett.org/

  3. #3
    SitePoint Addict
    Join Date
    May 2003
    Location
    nyc
    Posts
    363
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Chris,

    Thanks a lot. I'll read the doc. I am using Java/JSP env so I expect to have a little more work to do but undertanding what's to be done is the key

  4. #4
    PEACE WILL WIN abalfazl's Avatar
    Join Date
    Feb 2005
    Location
    Beyond the seas there is a town
    Posts
    711
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Article

    Hello my firend

    This is good article about XSS attack:

    http://www-106.ibm.com/developerwork...ry/s-csscript/

    GOOD LUCK


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •