uncleflo
Registered since September 28th, 2017
Has a total of 4246 bookmarks.
Showing top Tags within 4 bookmarks
howto information development guide reference administration design website software solution service product online business uk tool company linux code server system application web list video marine create data experience description tutorial explanation technology build blog article learn world project boat download windows security lookup free performance javascript technical network control beautiful support london tools course file research purchase library programming image youtube example php construction html opensource quality install community computer profile feature power browser music platform mobile work user process database share manage hardware professional buy industry internet dance advice installation developer 3d camera search access customer travel material test standard review documentation css money engineering engine develop webdesign device photography digital api speed source management program phone discussion question event client story simple water marketing app yacht content setup package fast idea interface account communication cheap compare script study market live easy google resource operation startup monitor training
Tag selected: XSS.
Looking up XSS tag. Showing 4 results. Clear
Protecting Your Cookies: HttpOnly
Saved by uncleflo on June 30th, 2017.
So I have this friend. I've told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities -- dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He's hard headed. He had to go and write his own HTML sanitizer. Because, well, how difficult can it be? How dangerous could this silly little toy scripting language running inside a browser be?
security horror protect write dangerous difficult vulnerable story blog explanation howto steal session script inject website administration escape xss hack
HTML Purifier XSS Attacks Smoketest
Saved by uncleflo on January 20th, 2015.
A list of XSS attack to check for. Caveats: Google.com has been programatically disallowed, but as you can see, there are ways of getting around that, so coverage in this area is not complete. Most XSS broadcasts its presence by spawning an alert dialogue. The displayed code is not strictly correct, as linebreaks have been forced for readability. Linewraps have been marked with ». Some tests are omitted for your convenience. Not all control characters are displayed.
security javascript html web test attack reference xss hack crack development check list
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
Saved by uncleflo on January 20th, 2015.
This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser. Both reflected and stored XSS can be addressed by performing the appropriate validation and escaping on the server-side. DOM Based XSS can be addressed with a special subset of rules described in the DOM based XSS Prevention Cheat Sheet. For a cheatsheet on the attack vectors related to XSS, please refer to the XSS Filter Evasion Cheat Sheet. More background on browser security and the various browsers can be found in the Browser Security Handbook.
hacking scripting prevention cheat sheet owasp cross XSS rule guideline properly attack vector explore technical browser business output escape ecode serious security model filter evasion ability impact defend information administration development howto reference
Secure Cookies: The HttpOnly Flag | Security Musings
Saved by uncleflo on January 20th, 2015.
Cross Site Scripting (XSS) vulnerabilities can be pretty dangerous. On web applications, they can lead to everything from breaches in privacy to complete account compromisation. One of the many ways that attackers can take advantage of XSS holes is by reading the information stored in the browser cookies and using it to impersonate a legitimate user. To the vulnerable site, there is usually no difference between the credentials provided by the real user and those provided by an attacker– so everything looks peachy on the surface.
xss attack hack crack cookie protect secure security http script web browser limit regular header server development administration privacy account flag operation httponly apache
No further bookmarks found.