[WEB SECURITY] Methods of protection against XSS
mustlive at websecurity.com.ua
Sun Dec 30 16:55:14 EST 2012
Hello participants of Mailing List.

This week I've written two new articles. So I'll tell you briefly about my
last publications about methods of protection against XSS. This topic should
be interesting for you (especially for those who haven't read them before).
These methods can also be used for such tasks as isolation of web
applications, as I've written earlier

In December 2011 I made a series of articles about methods of defending
against ClickJacking. And this year I've decided to make a series of
articles about methods of defending against XSS attacks.
1. Protection against XSS with HttpOnly

In this article I've written about HttpOnly as a method of protecting against
the classic XSS attack of cookie stealing. It has been known since 2002, when
Microsoft developed it for IE6 SP1. I wrote about HttpOnly's pros and cons.
I described its shortcomings, methods of bypassing it and the list of browsers
which support it.
protecting against the classic XSS attack of cookie stealing. And it can also
be used for protecting from other XSS attacks (for both of which I've
presented JS code). I developed it at the beginning of 2008. I wrote
about its pros and cons. And I compared it with HttpOnly (this JS method
has many advantages compared with it).
Best wishes & regards,
Administrator of Websecurity web site
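
As an added example (not part of the original post or the articles it announces), here is a check that lists cookies a server sets without HttpOnly. It splits each Set-Cookie line on ';' the way RFC 6265 section 5.2 describes instead of searching for the substring, which a cookie value can contain; the header lines and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# SAMPLE_HEADERS is constructed sample data, not taken from the post.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly",
    "Set-Cookie: lang=en; Expires=Wed, 01 Jan 2014 00:00:00 GMT; Path=/",
    "Set-Cookie: auth=tok; Secure; httponly; SameSite=Lax",
    # The value contains the word, but the attribute is absent.
    "Set-Cookie: theme=HttpOnly; Path=/",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (cookie_name, attributes) for a Set-Cookie line, else None."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    # Everything before the first ';' is name=value, the rest are attributes.
    pair, *attr_parts = value.split(";")
    name, eq, _ = pair.partition("=")
    if not eq or not name.strip():
        return None  # no usable name=value pair, the cookie is ignored
    attributes = {}
    for part in attr_parts:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; HttpOnly carries no value.
        attributes[key.strip().lower()] = val.strip()
    return name.strip(), attributes


def cookies_missing_httponly(header_lines):
    """Names of cookies that scripts could read through document.cookie."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed and "httponly" not in parsed[1]:
            missing.append(parsed[0])
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print("no HttpOnly:", cookie)
```
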