Home > Software Quality Tips > Application Security Book Excerpts > Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors
Software Quality Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

APPLICATION SECURITY BOOK EXCERPTS

Cross Site Scripting Attacks: XSS Exploits and Defense -- Chapter 5, Advanced XSS Attack Vectors


Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko D. Petkov
06.13.2007
Rating: --- (out of 5)


Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



As a registered member of SearchSoftwareQuality.com, you're entitled to a complimentary copy of Chapter 5 of Cross Site Scripting Attacks: XSS Exploits and Defense written by Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko D. Petkov and published by Syngress.

In the past, the primary focus of XSS attack was Web applications that failed to filter user-supplied data. Researchers have since discovered that there are several other ways an attacker can inject JavaScript into a user's browser. This chapter, "Advanced XSS Attack Vectors," looks at several of those advanced attack vectors in detail so you can understand how illusive and widespread the problem is.


Cross Site Scripting Attacks: XSS Exploits and Defense

Book description:
 Cross Site Scripting Attacks: XSS Exploits and Defense starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic Web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused.

After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim.

>> Read "Advanced XSS Attack Vectors" now.

>> Buy the book

Rate this Tip
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Application Security Book Excerpts
Cybersecurity czar candidate questions clout of new position
Commonly-overlooked security flaws in rich Internet applications
Common mistakes in real-time Java programming
Web Security Testing Cookbook sample recipe
Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
InfoSecurity 2008 Threat Analysis, Chapter 4: XSS Theory
Google Hacking for Penetration Testers, Volume 2: Chapter 6, Locating Exploits and Finding Targets
Ajax Security -- Chapter 6, Transparency in Ajax Applications
Fuzzing: Brute Force Vulnerability Discovery -- Chapter 12, Fuzzing Frameworks

Software security testing and techniques
Web application security best practices: Tips on implementation
Testing strategies for complex environments
How to make your software tamperproof
Ways to approach application performance testing on a tight budget
How can I tell if my software security has been breached?
Is online application testing for smartphones different from other software testing?
Software testers facing six big challenges today, StarWest keynoter says
Lesser-known free software testing tools testers should try
Is manually testing a software project for flaws too risky?
Affordable automated testing tools for securing websites

Cross-site scripting: XSS
Jeremiah Grossman on the pervasive nature of XSS
XSS prevention in Java
Guarding against XSS in ASP.NET

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Software Design & Testing - Project Management
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts