[WEB SECURITY] Twitter XSS worms
Steven M. Christey
coley at linus.mitre.org
Mon Apr 13 15:59:17 EDT 2009
For those who speak fluent XSS, how obscure was the attack vector and the
attack technique? Actually, what I'm really wondering is, would "best
practices" or even "average practices" have prevented this attack from
succeeding? either for the XSS or the CSRF angles. Is
Ajax-as-an-XSS-attack-vector still novel?
- Steve
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
More information about the websecurity
mailing list