RE: Detecting cross-site scripting attacks

roshen.chandranpaladion.net
Date: Tue May 13 2003 - 22:07:27 CDT


Cedar,

As XSS relies on executing a script on the victim, by reflecting the
input that is sent to the server, these tools should be able to detect
XSS attacks by checking if Form POSTs (the data that is posted to the
server) or GET requests (the URL that is requested) contain JavaScript
tags embedded in them.

--
Roshen

-----Original Message-----
From: Cedar Moore [mailto:cedar1420yahoo.com]
Sent: Tuesday, May 13, 2003 11:02 PM
To: webappsecsecurityfocus.com
Subject: Detecting cross-site scripting attacks

I am new to web application security. A lot of layer 7 application
security products detect cross-site scripting attacks (ex: Sanctum
AppShield). How do these products do this? There is a lot of
information about cross-site scripting attacks, but I did not come
across how these web application attacks can be detected. Is there any
white paper out there explaining the generic detection methods?
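
The check described in the reply above, written out as an added example that is not part of the original thread: it inspects the requested URL and, for POSTs, the form data for embedded script tags. The function names and sample requests are constructed for illustration, and the repeated URL-decoding step goes beyond what the reply states, since encoded input would otherwise pass a plain string match.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Opening <script ...> tag, case-insensitive, tolerating whitespace after "<".
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple URL-encoding


def fully_decode(value: str) -> str:
    """URL-decode repeatedly so %3Cscript and %253Cscript both become <script."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_script_params(method: str, url: str, body: str = "") -> list:
    """Return (location, parameter) pairs whose value carries a script tag."""
    hits = []
    parts = urlsplit(url)
    sources = [("query", parts.query)]
    if method.upper() == "POST":
        sources.append(("body", body))
    for location, raw in sources:
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if SCRIPT_TAG.search(fully_decode(value)):
                hits.append((location, name))
    # The path itself can also be reflected (for example in error pages).
    if SCRIPT_TAG.search(fully_decode(parts.path)):
        hits.append(("path", ""))
    return hits


# Constructed sample requests (not from the original thread).
SAMPLES = [
    ("GET", "/search?q=firewall+logs", ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
    ("GET", "/search?q=%253CScRiPt%253Ealert(1)", ""),
    ("POST", "/comment", "name=bob&text=%3Cscript+src%3D%2F%2Fexample.test%2Fa.js%3E"),
    ("POST", "/comment", "name=bob&text=I+like+javascript"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, find_script_params(method, url, body))
```
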