[WEB SECURITY] Article on XSS

Steve Orrin sorrin at ix.netcom.com
Fri Jun 23 16:35:10 EDT 2006


I couldn't agree with you more:)

-----Original Message-----
>From: Jonathan Komorek <jonathan.komorek at benefitfocus.com>
>Sent: Jun 23, 2006 4:11 PM
>To: Steve Orrin <sorrin at ix.netcom.com>, Jeremiah Grossman <jeremiah at whitehatsec.com>, Web Security <websecurity at webappsec.org>
>Subject: RE: [WEB SECURITY] Article on XSS
>
>Unfortunately, yes. If you read this article, expect to know less about cross-site scripting afterwards.
>
>-----Original Message-----
>From: Steve Orrin [mailto:sorrin at ix.netcom.com] 
>Sent: Friday, June 23, 2006 3:45 PM
>To: Jeremiah Grossman; Web Security
>Subject: [WEB SECURITY] Article on XSS
>
>Has anyone else seen this?
>
>XSS Vulnerabilities Reviewed and Re-Classified http://it.slashdot.org/it/06/06/22/2347201.shtml
>"Security Analysts at NeoSmart Technologies have revisited the now-famous XSS-type security vulnerabilities and attempted to re-classify their status as a security vulnerability. The argument is that XSS vulnerabilities are not a mark of bad or insecure code but rather a nasty but unavoidable risk that's a part of JavaScript - and that even then, XSS 'vulnerable' sites are no less dangerous or vulnerable at heart."
>
>based on article here:
>What XSS isn't
>http://neosmart.net/blog/archives/194
>
>-Steve
>
>
>
>----------------------------------------------------------------------------
>The Web Security Mailing List: 
>http://www.webappsec.org/lists/websecurity/
>
>The Web Security Mailing List Archives: 
>http://www.webappsec.org/lists/websecurity/archive/
>http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
>



