[Owasp-leaders] Help...

Johanna Curiel johanna.curiel at owasp.org
Tue Sep 11 10:24:38 UTC 2012


This looks like an excellent tool. With this I'll be able to test the vectors in the newest browsers and also check the successful ones.

Regards

Johanna




On 10 Sep 2012, at 21:39, vanderaj vanderaj <vanderaj at owasp.org> wrote:

> Agreed with the eminent Mr Heyes! 
> 
> I've been following his Twitter feed (@garethheyes) for a while now. It brings smiles to my face as it has enough bizarre fuzz vectors that make your browser bleed. That feed could be farmed to update the cheat sheet, as well as point to Shazzer.
> 
> thanks,
> Andrew
> 
> On Thu, Sep 6, 2012 at 6:16 PM, gaz Heyes <gazheyes at gmail.com> wrote:
> On 5 September 2012 23:13, Tim <tim.morgan at owasp.org> wrote:
> I think that would be pretty key to making it useful again.  I find
> that I use RSnake's cheat sheet once every 2-3 assessments for the
> more tricky XSS contexts, but it is getting pretty out of date and
> many of the tricks don't work any longer.
> 
> Personally I've moved on from static cheatsheets; like you say, they are always out of date. I prefer to share results "live" and allow users to create and fuzz their own vectors.
> <http://shazzer.co.uk/database/All/Entities-allowed-before-js-protocol> 