[WEB SECURITY] XSS Question

nitin patel kota_44 at yahoo.com
Thu Nov 30 23:04:13 EST 2006


From my knowledge, this one uses a white-list-based
approach to encode the characters, i.e. it only allows a few
valid characters and encodes everything else, as
compared to the black-list-based approach which is
followed in the Server.HtmlEncode method of .NET, so it
sounds safe.

Nitin
--- Sebastien Deleersnyder
<sebastien.deleersnyder at ascure.com> wrote:

> John,
> 
> On the preventive aspect you can also check on the Anti-Cross Site
> Scripting Library v1.5
> (http://blogs.msdn.com/michael_howard/archive/2006/11/20/anti-cross-site-scripting-library-v1-5-now-available.aspx)
> That is, if you use ASP.Net of course.
> 
> Anyone already tested this?
> 
> Kind regards,
> 
> Sebastien
> OWASP BE Chapter Lead 
> 
> -----Original Message-----
> From: jfvanmeter at comcast.net
> [mailto:jfvanmeter at comcast.net] 
> Sent: Wednesday 29 November 2006 14:25
> To: WebSec
> Subject: [WEB SECURITY] XSS Question
> 
> Hello everyone, 
> 
> I was hoping to gather some feedback on what everyone thinks the best
> vulnerability detection mechanism(s) is to discover XSS issues. I'm
> looking for any links, FAQs, books, tools, and thoughts about that
> process.
> 
> Thank You in advance
> John
> 
> ----------------------------------------------------------------------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 



 
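The allow-list versus deny-list distinction made in the reply above, as an added example that is not part of the original message and is not the Anti-XSS library's or .NET's own code. The character sets, function names and sample input are assumptions chosen for illustration; the example renders one single-quoted attribute with each encoder and reports which attributes an HTML parser then sees.

```python
import string
from html.parser import HTMLParser

# Deny-list encoder: rewrites only characters on a fixed "known bad" list.
# The list is an assumption for illustration; any character that was never
# put on it (here the single quote) passes through untouched.
DENY_LIST = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"}

def encode_deny_list(value: str) -> str:
    return "".join(DENY_LIST.get(ch, ch) for ch in value)

# Allow-list encoder: a small set of known-safe characters passes through and
# everything else becomes a decimal character reference. The safe set is an
# assumption for illustration.
SAFE_CHARS = frozenset(string.ascii_letters + string.digits + " .,-_")

def encode_allow_list(value: str) -> str:
    return "".join(ch if ch in SAFE_CHARS else f"&#{ord(ch)};" for ch in value)

class _AttrCollector(HTMLParser):
    """Records the attributes of the <input> tag as a parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = attrs

def rendered_attributes(encoder, untrusted: str):
    """Place encoded data in a single-quoted attribute and parse the result."""
    page = "<input value='" + encoder(untrusted) + "'>"
    collector = _AttrCollector()
    collector.feed(page)
    collector.close()
    return collector.attrs

# Constructed sample input: a quote followed by text shaped like an attribute.
SAMPLE = "x' data-injected='1"

if __name__ == "__main__":
    for enc in (encode_deny_list, encode_allow_list):
        print(enc.__name__, rendered_attributes(enc, SAMPLE))
```

With the deny-list encoder the parser reports a second attribute that came from the data; with the allow-list encoder the whole input stays inside `value`.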