Paper: Kr3w's Cross-Site Scripting Tutorial

Written by Kr3w

Tuesday, 15 May 2007

In this paper, Kr3w provides a very good tutorial about cross-site scripting (XSS).

Paper: Applying XSS to Phishing Attacks

Written by Nexus, PlayHack.net

Thursday, 3 May 2007

In this paper, Nexus presents and explains the techniques and codes which are used by phishers who are knowledgeable about certain aspects of cross-site scripting (XSS) exploitation, in order to attack users or webmasters of websites that are vulnerable to XSS.

Paper: Preventing CSRF Attacks

Written by Petko D. Petkov, GNUCitizen.org

Saturday, 31 March 2007

In this paper, Petko D. Petkov explains how CSRF attacks can be prevented using tokens in a web application.

Paper: Double Trap XSS Injection: An Analysis

Written by Aditya K Sood, Metaeye Security Group

Tuesday, 27 March 2007

In this paper, Aditya K Sood demonstrates the double trap XSS injection with the scope of determining a new class of XSS exploitation. The target is SecTheory consultation website.

Paper: Overtaking Google Desktop

Written by Yair Amit, Danny Allan and Adi Sharabani, Watchfire

Saturday, 24 February 2007

A research whitepaper from Watchfire, has revealed a serious cross-site scripting vulnerability in Google Desktop. Malicious people can exploit this vulnerability to access sensitive data on the attacked systems and in some cases take full control of them.

Paper: Anatomy of a "Pseudo-Reflective" Worm

Written by Kyran

Tuesday, 20 February 2007

Kyran wrote a paper on the anatomy of a "Pseudo-Reflective" worm, which he coded to target GaiaOnline.com.

1 2 3 4 5

45884 total xss 14724 special xss 3026 fixed 5328 xss onhold 2932 EW subscribers

Tweets about ""cross site scripting" OR from:xssedcom"