Find and Exploit Cross Site Scripting (XSS) Flaws

Feb 10, 14

Posted by in Application Security, Research, XSS

How to Find and Exploit Cross Site Scripting (XSS) Vulnerabilities. In a previous post, How to Prevent Cross Site Scripting, I explain how to prevent Cross Site Scripting (XSS) issues. This article will demonstrate a simple approach to identifying and exploiting cross site scripting vulnerabilities. Meet our target.. I am using an old...


How to Prevent Cross Site Scripting (XSS)

Jan 31, 14

Posted by in Application Security

Cross Site Scripting (XSS): Brief History. Cross Site Scripting (XSS) is a common issue that plagues many web applications; check out xssed for a frame of reference. The most widely seen form is called reflective cross site scripting (XSS). This is when user supplied data is submitted to an application and the data is reflected back...


Shmooganography 2014 Steganography Write Up

Jan 24, 14

Posted by in Challenges, Misc

This past weekend I attended ShmooCon 2014, which is an annual east coast hacking conference where like-minded, and sometimes unlike-minded, people gather to exchange ideas and have a generally good time. The conference provides a forum for various speakers to present their research. Among the varying and interesting talks presented...


Trust But Verify: Reversing .NET Applications and Libraries

Jan 09, 14

Posted by in Research, Reversing

“Trust But Verify” is a phrase that gets thrown around a lot, especially in the auditing world. The phrase is useful in the civilized world, where people are generally honest. The phrase is NOT useful when it comes to trusting binaries on the internet, which should be considered the wild wild west at all times. A little...
