-
Article #2: “The Cross Site Scripting Faq”
Currently small informational tidbits about Cross SiteScripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention. This article also covers practicle examples of cookietheft, and also provides tools for public…
-
Macromedia Flash Activex Buffer overflow
www.eeye.com has found a buffer overflow in Macromedia's flash.This hole was found by accident while surfing a websitewhen eeye noticed some strange errors. After further investigation they found that they could inject commandsinto the player stack. Anyone who uses flash is is urged to upgrade to version6 revision 29.
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack