[Owasp-leaders] Help...

Tim tim.morgan at owasp.org
Wed Sep 5 22:13:24 UTC 2012


I think that would be pretty key to making it useful again.  I find
that I use RSnake's cheat sheet once every 2-3 assessments for the
more tricky XSS contexts, but it is getting pretty out of date and
many of the tricks don't work any longer.

Next time I have the need for the cheat sheet, I'll try to remember to
use this new one and make any notes of any items I'm confident are
outdated.  If everyone does that, it shouldn't be too long before we
have it caught up with current behaviors.

With that said, I think it may be useful to keep an archive of the old
tricks that no longer work on any modern browser.  Perhaps stuffed in
a separate section or page.  You never know when an old trick might
become relevant again, particularly with the diversity of browser
platforms we have these days.

tim


On Wed, Sep 05, 2012 at 10:01:53PM +0000, Erlend Oftedal wrote:
> I suppose one thing people could start doing is test the vectors in newer browsers.
> 
> Erlend
> ________________________________
> From: Jim Manico
> Sent: 05.09.2012 18:32
> To: Samantha Groves
> Cc: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] Help...
> 
> We're almost done with the initial port.
> 
> https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
> 
> --
> Jim Manico
> (808) 652-3805
> 
> On Sep 5, 2012, at 3:47 PM, Samantha Groves <samantha.groves at owasp.org> wrote:
> 
> Fabulous! I love the interest! Thank you, guys.
> 
> Jim, what's the next step?
> 
> SG
> 
> On Sat, Sep 1, 2012 at 2:50 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
> Hi Jim
> 
> Me too!
> 
> Regards
> 
> Johanna
> 
> 
> 
> 
> On 30 Aug. 2012, at 19:51, Jim Manico <jim.manico at owasp.org> wrote:
> 
> > I'm seeking a volunteer to help convert the very famous:
> >
> > http://ha.ckers.org/xss.html
> >
> > to
> >
> > The OWASP XSS Filter Evasion Cheat Sheet (I think that's the right name).
> >
> > ...anyone interested?
> >
> > RSnake was kind enough to donate this to OWASP. It's going to be cool to see what the community will add to this.
> >
> > Aloha,
> > Jim Manico
> > OWASP Volunteer
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> --
> 
> Samantha Groves, MBA
> 
> OWASP Project Manager
> 
> 
> The OWASP Foundation
> 
> London, United Kingdom
> 
> Email: samantha.groves at owasp.org
> 
> Skype: samanthahz
> 
> 
> 
