[WEB SECURITY] Methods of protection against XSS and Backdoors in web applications

MustLive mustlive at websecurity.com.ua
Sun Apr 28 16:36:22 EDT 2013


Hello participants of Mailing List.

In March and April I've wrote new articles. And I'll tell you briefly about
two my articles concerning protection against XSS and concerning backdoors
in web applications. These topics should be interesting for you (especially
for those, who haven't read them before).

In December 2012 I've made a series of articles about methods of defending
against XSS attacks. These articles were "Protection against XSS with
HttpOnly" and "Protection against XSS with JavaScript"
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-December/008642.html)
and last month I've wrote another article in this series. And this month
I've wrote an article which continued topic of backdoors in web applications
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2012-December/008630.html).

1. Protection against XSS with X-XSS-Protection.
http://websecurity.com.ua/6396/

In this article I've told about X-XSS-Protection header as a method of
protecting against XSS attacks. Wrote about X-XSS-Protection pros and
contras. Described its shortcomings and the list of browsers which support
it. Among three protection methods, JavaScript method (proposed by me) has
advantage in amount of supported browsers (especially it compatible with
legacy browsers), but with time other methods also will increase it.

2. Backdoors in web applications.
http://websecurity.com.ua/6449/

In this article, in addition to previous article, I've told about backdoors
in web applications, server software and network devices. Also I've wrote
about different web applications, which have functionality to find backdoors
(including plugins for CMS and built-in functionality in different engines).

The list includes routers, switches, storage devices, printers, HP
Operations Manager Server, IBM Cognos Server, HP OpenView Performance
Insight Server, Social Media Widget plugin for WordPress, where backdoors
were found.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua






More information about the websecurity mailing list