[WEB SECURITY] Twitter XSS worms

Steven M. Christey coley at linus.mitre.org
Mon Apr 13 15:59:17 EDT 2009

For those who speak fluent XSS, how obscure was the attack vector and the
attack technique? Actually, what I'm really wondering is, would "best
practices" or even "average practices" have prevented this attack from
succeeding, either for the XSS or the CSRF angles?  Is
Ajax-as-an-XSS-attack-vector still novel?

- Steve
