mailing list archives
Re: XSS vulnerability
From: "Albert R. Campa" <abcampa () gmail com>
Date: Fri, 14 Dec 2007 12:30:06 -0600
You can install a Host based IPS or if your network is capable some
type of Network IDS/IPS would be good to place in front of the web
Also coordinating a web vulnerability application scan would be a good
idea to do, so you can pass to the developers and they can see what
they need to fix.
On Dec 13, 2007 8:54 PM, Heng Kuo Kuang Kelvin NCS <kuokuang () ncs com sg> wrote:
I tried to google for XSS vulnerability, how to hack, how to prevent,
etc. However, I have no any meaningful information for me to work with.
Actually, I am supposed to address some XSS vulnerability on some of the
in-house application developed by 3rd party vendor. My web server is
already patched to its latest version, however the coding in the
application is subjected to XSS vulnerability, I would like to do
something about it rather than waiting for the application developer to
rewrite the application.
Can anyone of you help me by giving me some guidance?
1) What kind of pattern will I be able to pick up from my web server
logs to show that there is XSS attacks against my web server?
2) How can I prevent XSS from attacking my web servers [Apache, Sun One,
IIS 5 & 6] without having to change the application coding?
3) How can I test for XSS vulnerability on my web servers?
Any information will be greatly appreciated.
Thanks in advance