uncleflo
Registered since September 28th, 2017
Has a total of 4281 bookmarks.
Showing top Tags within 4 bookmarks
howto information development guide reference administration design website software solution service online product business uk tool company linux code server system application web list video marine create data experience tutorial description explanation learn technology build article blog world boat project download windows lookup security free performance javascript technical london control network beautiful tools support course file research purchase image library programming youtube example php construction opensource install community html quality profile computer feature power browser music platform mobile process work manage professional user share database hardware buy industry internet dance advice developer installation camera search 3d access customer material travel money test standard develop css review documentation engineering photography engine webdesign digital device speed api source event question management program client phone discussion story simple content water marketing yacht app account setup idea interface package fast communication cheap compare script market study easy live google resource operation demonstration startup monitor
Tag selected: XSS.
Looking up XSS tag. Showing 4 results. Clear
Protecting Your Cookies: HttpOnly
Saved by uncleflo on June 30th, 2017.
So I have this friend. I've told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities -- dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He's hard headed. He had to go and write his own HTML sanitizer. Because, well, how difficult can it be? How dangerous could this silly little toy scripting language running inside a browser be?
security horror protect write dangerous difficult vulnerable story blog explanation howto steal session script inject website administration escape xss hack
HTML Purifier XSS Attacks Smoketest
Saved by uncleflo on January 20th, 2015.
A list of XSS attack to check for. Caveats: Google.com has been programatically disallowed, but as you can see, there are ways of getting around that, so coverage in this area is not complete. Most XSS broadcasts its presence by spawning an alert dialogue. The displayed code is not strictly correct, as linebreaks have been forced for readability. Linewraps have been marked with ». Some tests are omitted for your convenience. Not all control characters are displayed.
security javascript html web test attack reference xss hack crack development check list
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
Saved by uncleflo on January 20th, 2015.
This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser. Both reflected and stored XSS can be addressed by performing the appropriate validation and escaping on the server-side. DOM Based XSS can be addressed with a special subset of rules described in the DOM based XSS Prevention Cheat Sheet. For a cheatsheet on the attack vectors related to XSS, please refer to the XSS Filter Evasion Cheat Sheet. More background on browser security and the various browsers can be found in the Browser Security Handbook.
hacking scripting prevention cheat sheet owasp cross XSS rule guideline properly attack vector explore technical browser business output escape ecode serious security model filter evasion ability impact defend information administration development howto reference
Secure Cookies: The HttpOnly Flag | Security Musings
Saved by uncleflo on January 20th, 2015.
Cross Site Scripting (XSS) vulnerabilities can be pretty dangerous. On web applications, they can lead to everything from breaches in privacy to complete account compromisation. One of the many ways that attackers can take advantage of XSS holes is by reading the information stored in the browser cookies and using it to impersonate a legitimate user. To the vulnerable site, there is usually no difference between the credentials provided by the real user and those provided by an attacker– so everything looks peachy on the surface.
xss attack hack crack cookie protect secure security http script web browser limit regular header server development administration privacy account flag operation httponly apache
No further bookmarks found.