Cross Site Scripting Joy

Devolio

Popular Posts

8 Practical PHP Regex
PHP Regular Expressions
Automating MySQL Backups
PHP Security Guide
Understanding OOP
67 Killer Tools
Practical PHP Optimizations
How to: LAMP in Ubuntu 7.10
How to: APC in Ubuntu 7.10
RSS reader with SimpleXML

Tools and Tips

67 Killer Tools
Installing AWN in Ubuntu
40 Excellent Free Fonts
Project Planning Tips
Send SMS with PHP (free)
High performance Javascript
Send beautiful HTML emails
PCRE Tester and Cheat Sheet
RSS Reader with SimpleXML

Search

Tags

How To Javascript Linux Misc MySQL PHP Regex RSS

Archives

September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
Recent...
Older...

Subscribe

Wednesday, December 5. 2007

Cross Site Scripting Joy

Google for ‘cross site scripting‘ and you’ll get a plethora of articles and tutorials about vulnerabilities, loopholes, and exploits. Early in the development of JavaScript it was realised that client-side scripting had the capacity to access information in other browser windows that might be sensitive and which it certainly had no business reading. This was considered a problem and dubbed cross site scripting (thankfully abbreviated to XSS, not CSS). The basic security principle that solves this is the Same Origin Policy, which prevents scripts from accessing resources unless they come from the same host. Sounds simple enough, but modern XSS exploits are incredibly complex, getting around the same origin policy by taking advantage of opportunities to inject script into websites that simply redisplay input without encoding it first.
Posted by Joey in News, Resources at 18:25 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments


Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications