Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: [WEB SECURITY] countermeasure against attacks through HTML shared files
From: Amit Klein <aksecurity () gmail com>
Date: Sat, 08 Nov 2008 18:21:13 +0200
There's a very short reference from May 2007 to the concept of using different hostnames to protect against XSS:
See Brian Eaton's post to WebSecurity mailing list, May 18th, 2007, titled "Re: [WEB SECURITY] How to avoid XSS into PDF Files, using java". 

http://www.webappsec.org/lists/websecurity/archive/2007-05/msg00087.html

fcorella () pomcor com wrote:

Hello,

I wanted to announce a Pomcor white paper that
looks at attacks through HTML shared files in Web
applications and proposes a countermeasure.  These
are essentially XSS attacks, but the usual
defenses against XSS are typically not available,
because shared files cannot be sanitized.

The paper is available at:

http://www.pomcor.com/whitepapers/file_sharing_security.pdf

I have not been able to find much prior work.
What I've found is discussed in Section 2 of the
paper.  If I've missed something, please let me
know.

Thanks,

Francisco Corella




----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] 

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]