[Owasp-leaders] Help...

vanderaj vanderaj vanderaj at owasp.org
Tue Sep 11 01:39:51 UTC 2012


Agreed with the eminent Mr Heyes!

I've been following his Twitter feed (@garethheyes) for a while now. It
brings smiles to my face as it has enough bizarre fuzz vectors to make
your browser bleed. That feed could be farmed to update the cheat sheet, as
well as point to Shazzer.

thanks,
Andrew

On Thu, Sep 6, 2012 at 6:16 PM, gaz Heyes <gazheyes at gmail.com> wrote:

> On 5 September 2012 23:13, Tim <tim.morgan at owasp.org> wrote:
>
>> I think that would be pretty key to making it useful again.  I find
>> that I use RSnake's cheat sheet once every 2-3 assessments for the
>> more tricky XSS contexts, but it is getting pretty out of date and
>> many of the tricks don't work any longer.
>>
>
> Personally I've moved on from static cheatsheets, like you say they are
> always out of date. I prefer to share results "live" and allow users to
> create and fuzz their own vectors.
> <http://shazzer.co.uk/database/All/Entities-allowed-before-js-protocol>
>