[WEB SECURITY] (XSS via file extension) XSS-Phishing on Financial Sites

Belles, Mark Mark.Belles at securepassage.com
Tue Jun 27 18:00:37 EDT 2006


Which begs an interesting point though ... , I'm sure the stego crowd has developed some libs for ...
I wonder how effective they would be at validating uploads ? Surely they're much better at quickly
analyzing misshaped binary formats that the web app world.

 

Interesting link to detecting hidden data in images...

http://www.ameslab.gov/final/News/2006rel/Steganalysis.htm 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060627/f734e1a1/attachment.html>


More information about the websecurity mailing list