Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

comment on
( [id://3333]=superdoc: print w/replies, xml ) Need Help??
Last week's (May, 6th 2002) Security Adviser article in InfoWorld was near and (not so) dear to my heart and hopefully yours.

Mandy Andress goes over many of the points we have discussed here at the Monastary, and some new points, but also brings it home with some very public examples (eg. eBay, Cybercash, VeriSign).

She also directly mention sites like here (sites for coders) where preventing CSS attacks, becomes a game of balance between your user's freedom and thier security. Hat's off to the developers here for working on that balance.

There are some other interesting links in her article

  • cross_site_scripting.archive.html - This page details sites who are open to CSS attacks *including AOL, and Real.com* this page is run by SkyLined a self professed h4x0r
  • community.whitehatsec.com - Who has just released thier Linux-based WhiteHat Arsenal 1.05 test suite for profiling your site against CSS attacks

    • Hopefully this article shows to all that this problem is not going away. So if you developing a website and take user input to be displayed. You should read this.



    grep
    Unix - where you can throw the manual on the keyboard and get a command

    In reply to OT: Cross-site Scripting - Articles and Tools by grep

    Title:
    Use:  <p> text here (a paragraph) </p>
    and:  <code> code here </code>
    to format your post; it's "PerlMonks-approved HTML":


    • Are you posting in the right place? Check out Where do I post X? to know for sure.
    • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
      <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
    • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
    • Want more info? How to link or How to display code and escape characters are good places to start.
    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Domain Nodelet?

    www.com | www.net | www.org
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this?Last hourOther CB clients
    Other Users?
    Others surveying the Monastery: (3)
    As of 2024-04-24 04:14 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      No recent polls found