[WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)

Gervase Markham gerv at gerv.net
Sun Jun 25 17:09:46 EDT 2006


Brian Eaton wrote:
> I've been wondering whether web application developers could cooperate
> with browser vendors to find a way to make XSS and CSRF harder to
> exploit.  

Yes, there is:

http://www.gerv.net/security/content-restrictions/
http://www.gerv.net/security/script-keys/

(The two approaches are complementary.)

I haven't given up on doing these; I just need to find the time. But if
someone else wants to try implementing them, that would be great. I
could find out for you who knows the various bits of code.

Gerv

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


