[WEB SECURITY] Twitter XSS worms

Steven M. Christey coley at linus.mitre.org
Mon Apr 13 15:59:17 EDT 2009


For those who speak fluent XSS, how obscure was the attack vector and the
attack technique? Actually, what I'm really wondering is, would "best
practices" or even "average practices" have prevented this attack from
succeeding, either for the XSS or the CSRF angles?  Is
Ajax-as-an-XSS-attack-vector still novel?

- Steve
