[WEB SECURITY] Article on XSS

Jonathan Komorek jonathan.komorek at benefitfocus.com
Fri Jun 23 16:11:36 EDT 2006


Unfortunately, yes. If you read this article, expect to know less about cross-site scripting afterwards.

-----Original Message-----
From: Steve Orrin [mailto:sorrin at ix.netcom.com] 
Sent: Friday, June 23, 2006 3:45 PM
To: Jeremiah Grossman; Web Security
Subject: [WEB SECURITY] Article on XSS

Has anyone else seen this?

XSS Vulnerabilities Reviewed and Re-Classified http://it.slashdot.org/it/06/06/22/2347201.shtml
"Security Analysts at NeoSmart Technologies have revisited the now-famous XSS-type security vulnerabilities and attempted to re-classify their status as a security vulnerability. The argument is that XSS vulnerabilities are not a mark of bad or insecure code but rather a nasty but unavoidable risk that's a part of JavaScript - and that even then, XSS 'vulnerable' sites are no less dangerous or vulnerable at heart."

Based on the article here:
What XSS isn’t
http://neosmart.net/blog/archives/194

-Steve



----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]






