Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Detecting cross-site scripting attacks

RE: Detecting cross-site scripting attacks

From: <roshen.chandran_at_paladion.net>
Date: Wed, 14 May 2003 08:37:27 +0530

Cedar,

As XSS relies on executing a script on the victim, by reflecting the
input that is sent to the server, these tools should be able to detect
XSS attacks by checking if Form POSTs (the data that is posted to the
server) or GET requests (the URL that is requested) contain Javascript
tags embedded in them. 

--
Roshen 
-----Original Message-----
From: Cedar Moore [mailto:cedar1420_at_yahoo.com] 
Sent: Tuesday, May 13, 2003 11:02 PM
To: webappsec_at_securityfocus.com
Subject: Detecting cross-site scripting attacks
I am new to web application security, a lot of layer 7 application 
security products detect cross-site scripting attacks (ex: sanctum 
appshield). How these products do? There is lot of information about
cross-
site scripting attacks but I did not came across how these web
application 
attacks can be detected. Is there any white paper there out explaining
the 
generic detection methods?
Received on May 14 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos