Busy day. I already have a half-dozen things to post, but in the interest of time and brevity I just wanted to mention a guide to cross-site scripting attacks. This kind of article, subtitled “Three Ingredients for a Successful Hack”, reminds me of the controversy over the Anarchist Cookbook but updated for the digital age:
Cross-site scripting (XSS) errors are generally considered nothing more than a nuisance — most people do not realize the inherent danger these types of bugs create. In this article Seth Fogie looks at a real-life XSS attack and how it was used to bypass the authentication scheme of an online web application, leading to “shell” access to the web server.
Great. Now back to helping people find and quickly remove XSS vulnerabilities…