[WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)

Gervase Markham gerv at gerv.net
Sun Jun 25 17:09:46 EDT 2006

Brian Eaton wrote:
> I've been wondering whether web application developers could cooperate
> with browser vendors to find a way to make XSS and CSRF harder to
> exploit.

Yes, there is:


(The two approaches are complementary.)

I haven't given up on doing these; I just need to find the time. But if
someone else wants to try implementing them, that would be great. I
could find out for you who knows the various bits of code.


