[Owasp-leaders] Help...

Eoin eoin.keary at owasp.org
Wed Sep 5 23:03:22 UTC 2012


It also refers to older browsers in terms of effective attacks. Refreshing that will take some work.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 6 Sep 2012, at 00:00, Jim Manico <jim.manico at owasp.org> wrote:

> Once the initial port is complete I intend to rally the community to
> update and maintain this key resource. I'm thrilled that RSnake was
> kind enough to donate this - and I feel he did so in order to harness
> the power of the wiki and community involvement.
> 
> Stay tuned, more to follow.
> 
> Regards,
> 
> --
> Jim Manico
> (808) 652-3805
> 
> On Sep 5, 2012, at 11:14 PM, Tim <tim.morgan at owasp.org> wrote:
> 
>> 
>> I think that would be pretty key to making it useful again.  I find
>> that I use RSnake's cheat sheet once every 2-3 assessments for the
>> more tricky XSS contexts, but it is getting pretty out of date and
>> many of the tricks don't work any longer.
>> 
>> Next time I have the need for the cheat sheet, I'll try to remember to
>> use this new one and make any notes of any items I'm confident are
>> outdated.  If everyone does that, it shouldn't be too long before we
>> have it caught up with current behaviors.
>> 
>> With that said, I think it may be useful to keep an archive of the old
>> tricks that no longer work on any modern browser.  Perhaps stuffed in
>> a separate section or page.  You never know when an old trick might
>> become relevant again, particularly with the diversity of browser
>> platforms we have these days.
>> 
>> tim
>> 
>> 
>> On Wed, Sep 05, 2012 at 10:01:53PM +0000, Erlend Oftedal wrote:
>>> I suppose one thing people could start doing is test the vectors in newer browsers.
>>> 
>>> Erlend
>>> ________________________________
>>> From: Jim Manico
>>> Sent: 05.09.2012 18:32
>>> To: Samantha Groves
>>> Cc: owasp-leaders at lists.owasp.org
>>> Subject: Re: [Owasp-leaders] Help...
>>> 
>>> We're almost done with the initial port.
>>> 
>>> https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
>>> 
>>> --
>>> Jim Manico
>>> (808) 652-3805
>>> 
>>> On Sep 5, 2012, at 3:47 PM, Samantha Groves <samantha.groves at owasp.org> wrote:
>>> 
>>> Fabulous! I love the interest! Thank you, guys.
>>> 
>>> Jim, what's the next step?
>>> 
>>> SG
>>> 
>>> On Sat, Sep 1, 2012 at 2:50 PM, Johanna Curiel <johanna.curiel at owasp.org> wrote:
>>> Hi Jim
>>> 
>>> Me too!
>>> 
>>> Regards
>>> 
>>> Johanna
>>> 
>>> On 30 Aug. 2012, at 19:51, Jim Manico <jim.manico at owasp.org> wrote:
>>> 
>>>> I'm seeking a volunteer to help convert the very famous:
>>>> 
>>>> http://ha.ckers.org/xss.html
>>>> 
>>>> to
>>>> 
>>>> The OWASP XSS Filter Evasion Cheat Sheet (I think that's the right name).
>>>> 
>>>> ...anyone interested?
>>>> 
>>>> RSnake was kind enough to donate this to OWASP. It's going to be cool to see what the community will add to this.
>>>> 
>>>> Aloha,
>>>> Jim Manico
>>>> OWASP Volunteer
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> 
>>> --
>>> Samantha Groves, MBA
>>> OWASP Project Manager
>>> 
>>> The OWASP Foundation
>>> London, United Kingdom
>>> Email: samantha.groves at owasp.org
>>> Skype: samanthahz
>>> 
>> 

