xss
RSS xssTechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 300)
White Paper Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. This webcast explains how inconsistently or poorly integrated validated output can cause XSS... [06 Jul 2008]
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 200)
White Paper Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. This webcast explains how inconsistently or poorly integrated validated output can cause XSS... [11 Apr 2008]
Importance of Web Application Firewall Technology for Protecting Web-Based Resources
White Paper While motivations of attackers against a victim's corporate and organizational assets remain the same (financial, IP, identity theft, services disruption, or denial of service, for example), web applications enable a whole new class of... [11 Apr 2008]
Web 2.0 threat looms
Comment XSS is one of the top 10 web application vulnerabilities identified by the Open Web Application Security Project (OWASP), along with injection attacks and malicious file execution. Browser vulnerabilities such as cross-site scripting (XSS) have the... [26 Nov 2007]
Gmail cookie flaw 'puts email at risk'
News According to Gatford, attackers could compromise a Gmail account - using a cross-site scripting [XSS] vulnerability - if the victim is logged in and clicks on a malicious link. In the last year or so, [XSS vulnerabilities] have been used by... [27 Sep 2007]
Live From Redmond: How Hackers Reverse Engineer and Exploit an ASP.NET AJAX Application
White Paper This webcast discusses the threat of Cross-Site Scripting (XSS), what it is and how this dangerous application security defect increases the attack surface of AJAX applications making the XSS threat even more malicious. [05 Jul 2007]
Scanning Ajax for XSS Entry Points
White Paper Cross site scripting (XSS) can make browsers vulnerable to critical information hijacking if exploited with malicious intent. XSS is already categorized as persistent, non-persistent and DOM-based. Ajax code loaded in browser can have entry points... [03 Jul 2007]
Web 2.0 security warning for business
News Cross-site scripting (XSS) involves injecting malicious code into pages served by other domains. An attacker can gain access privileges to sensitive page content and session cookies by exploiting XSS vulnerabilities. [27 Mar 2007]
Live From Redmond: The Next Generation of AJAX Attacks - A New Generation of Attack Theories
White Paper Specifically the webcast discusses browser/server interact issues, the increased attack surface of AJAX applications, repudiation of HTTP requests, exposing application logic, vulnerabilities in AJAX bridges, cross-site scripting (XSS) and AJAX (i.e. [22 Feb 2007]
Google slams the door on XSS flaw
News Google has patched a cross-site scripting (XSS) vulnerability in one of its web-hosting services. If left unpatched, the vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets, and view mail subjects and... [17 Jan 2007]
Alert over Adobe Acrobat flaw
News He said: "This vulnerability makes it possible for cross-site-scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create an XSS worm. XSS attacks put online accounts at risk of hijack and feed information-thieving... [04 Jan 2007]
Passwords at risk from Firefox, IE flaw
News As the page did not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is "convincing, and even security-conscious users are at risk of becoming victims", said CIS. [23 Nov 2006]
The Anatomy of Cross Site Scripting
White Paper Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full... [21 Feb 2005]
CASR - ACAT: PHP TopSites Vulnerability Report
White Paper Because PHP TopSites does not have session authentication, it allows an attacker to use an XSS vulnerability to do things like delete, edit, and change user accounts by having an unknowing admin run the code. [16 Feb 2005]
Application-Level Attacks: Phishing and Session Hijacking (Level 300)
White Paper This webcast will provide in-depth demonstrations of a variety of Web application hacking techniques such as SQL Injection and Cross Site Scripting (XSS) and show how to identify whether an application is vulnerable to these types of attacks. [11 Feb 2005]
