Paper: Carnival, or how to camouflage data for XSS filters

Written by Veda, wired-security.net

Thursday, 19 June 2008

An interesting paper on how to use various obfuscations for XSS filter evations to inject JavaScript code.

Firefox extensions for web developers and penetration testers

Written by SkyOut & Veda, wired-security.net

Thursday, 19 June 2008

This text lists useful Firefox add-ons to use for website vulnerability assessments.

Paper: Real World XSS

Written by David Zimmer, SandSprite.com

Tuesday, 3 June 2008

This paper was written back in 2003 and includes a very good description of what cross-site scripting is, methods of injection and filtering and a section titled "Inside the mind, mental walk along of a XSS hack".

Paper: The XSS Epidemic: Tools for discovery and remediation

Written by Russ McRee, HolisticInfosec.org

Tuesday, 29 April 2008

Russ's latest toolsmith column for ISSA Journal is a very interesting read about cross-site scripting.

Paper: XSS Vulnerabilities in Common Shockwave Flash Files

Written by Rich Cannings, Google Security Team

Friday, 18 April 2008

Technical information about cross-site scripting vulnerabilities in SWF files.

Paper: Defend Against Black Hat SEO: Your Web Host Can Help

Written by Frederick Townes, W3-Edge.com

Friday, 11 April 2008

This great article gives insight into ways to defend against Black Hat SEO and what black hat SEOs can achieve when your website is vulnerable to cross-site scripting.

1 2 3 4 5

35984 total xss 11629 special xss 1889 fixed 7827 xss onhold 1516 EW subscribers