Paper: Cross-Site Request Forgery: the Sea Surf

Written by Nexus,

Saturday, 3 November 2007

This is an interesting read about CSRF attacks, covering the difference between XSS and CSRF, attack points and possible prevention solutions. Code examples are provided.


Paper: Preventing Cross-Site Request Forgery (CSRF)

Written by Nexus,

Friday, 2 November 2007

Our friend Nexus has written a fresh and very interesting paper on how to prevent CSRF attacks.


Paper: The Cross Site Scripting (XSS) FAQ

Written by Robert Auger,

Wednesday, 31 October 2007

The best FAQ about cross-site scripting. Questions and answers on identification, threats, and prevention, with examples and links. A must-read if your site has been attacked through XSS.


Paper: A PoC of a cross webmail worm (XWW), called "Nduja connection"

Written by Rosario Valotta

Friday, 13 July 2007

A PoC of the first cross webmail worm (XWW) called "Nduja connection". This paper is a very interesting read, supported by a very nice video demonstration of the worm.


Paper: HTML Code Injection and Cross-Site Scripting

Written by Gunter Ollmann,

Monday, 21 May 2007

In this paper, Gunter Ollmann provides an analytical explanation regarding HTML code injection and XSS. A great technical paper for an in-depth understanding of the cause and effect of XSS vulnerabilities.


Paper: Cross-Site Scripting for Fun and Profit

Written by Nexus,

Thursday, 17 May 2007

In this paper, Nexus explains what XSS is and presents exploitation techniques related to each type of XSS vulnerability: DOM-based, non-persistent, and persistent. He also provides information on possible XSS prevention solutions.

