[WEB SECURITY] Article on XSS

Steve Orrin sorrin at ix.netcom.com
Fri Jun 23 15:44:48 EDT 2006


Has anyone else seen this?

XSS Vulnerabilities Reviewed and Re-Classified
http://it.slashdot.org/it/06/06/22/2347201.shtml
"Security Analysts at NeoSmart Technologies have revisited the now-famous XSS-type security vulnerabilities and attempted to re-classify their status as a security vulnerability. The argument is that XSS vulnerabilities are not a mark of bad or insecure code but rather a nasty but unavoidable risk that's a part of JavaScript - and that even then, XSS 'vulnerable' sites are no less dangerous or vulnerable at heart."

based on article here:
What XSS isn’t
http://neosmart.net/blog/archives/194

-Steve



----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list