What are some links I can visit to help me further understand XSS?
“Cross-site scripting tears holes in Net security”
http://www.usatoday.com/life/cyber/tech/2001-08-31-hotmail-security-side.htm

Article on XSS holes
http://www.perl.com/pub/a/2002/02/20/css.html

“CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests”
http://www.cert.org/advisories/CA-2000-02.html

Paper on Removing Meta-characters from User Supplied Data in CGI Scripts.
http://www.cert.org/tech_tips/cgi_metacharacters.html

Paper on Microsoft’s Passport System
http://eyeonsecurity.net/papers/passporthijack.html

Paper on Cookie Theft
http://www.eccentrix.com/education/b0iler/tutorials/javascript.htm#cookies

The webappsec mailing list (Visit www.securityfocus for details)
webappsec@securityfocus.com

Many Thanks to David Endler for reviewing this document.

Published to the Public May 2002
Copyright May 2002 Cgisecurity.