[OWASP-TESTING] Contributors

Jeff Williams jeff.williams at aspectsecurity.com
Wed Aug 2 08:57:44 EDT 2006


I found articles on XSS including:
 - Cross Site Scripting (from CLASP - vulnerability)
 - Cross site scripting (from Top Ten - overview)
 - XSS Attacks (Eoin Code review guide -- not really attacks)
 - Testing for Cross site scripting vulnerabilities
 - ..and there's probably some coverage in the Guide

Anyone want to take on cleaning this up?  I'd like to see:
 - An awareness article (short, Top Ten)
 - A detailed article (Guide, links to more detailed articles)
 - An article about XSS Attacks -- how do attackers exploit, what tools do they use
 - An article about XSS Vulnerabilities -- what do they look like, how serious are they
 - An article about XSS Countermeasures -- with links to articles on validation and encoding

Does this make sense?  I want to minimize redundancy and get things
organized.

--Jeff

-----Original Message-----
From: Eoin [mailto:eoinkeary at gmail.com] 
Sent: Wednesday, August 02, 2006 7:49 AM
To: Jeff Williams
Cc: Javier Fernandez-Sanguino; owasp-testing at lists.sourceforge.net
Subject: Re: [OWASP-TESTING] [***SPAM (header)***] - Re: Contributors - Email found in subject

Hi,
I threw in the current XSS text:
http://www.owasp.org/index.php/Testing_for_Cross_site_scripting_vulnerabilities
It needs to be expanded but it is a start.
-ek

On 01/08/06, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
> Hi Javier,
>
> Do some searching around -- there are a few articles on XSS that need to
> be pulled together and consolidated.  We should try to be clear about
> what the article is actually about.  Is it a description of an XSS
> vulnerability?  Or is it how to test for XSS?  Or is it a countermeasure
> article on how to defend an application against XSS (ie.
> Validation/Encoding).
>
> We have the same problem with SQL injection right now, but it's getting
> cleaned up.  Best thing you can do if you're not sure how to deal with
> these collisions is to link to the other articles and indicate that
> there might be some overlap.
>
> Thanks,
>
> --Jeff
>
> Jeff Williams, CEO
> Aspect Security
> work: 410-707-1487
> main: 301-604-4882
>
> -----Original Message-----
> From: owasp-testing-bounces at lists.sourceforge.net
> [mailto:owasp-testing-bounces at lists.sourceforge.net] On Behalf Of Javier Fernandez-Sanguino
> Sent: Tuesday, August 01, 2006 2:15 PM
> To: Eoin
> Cc: owasp-testing at lists.sourceforge.net
> Subject: [***SPAM (header)***] - Re: [OWASP-TESTING] Contributors -
> Email found in subject
>
> Eoin wrote:
> > Hi if you want your name here drop me a line and tell me what part you did....
>
> Hi there,
>
> IIRC I wrote:
> http://www.owasp.org/index.php/Application_configuration_management_testing
> http://www.owasp.org/index.php/Infrastructure_configuration_management_testing
> and contributed to
> http://www.owasp.org/index.php/Testing_for_Old%2C_backup_and_unreferenced_files
>
> I wrote a section on XSS a while back, but seems to be different than
> http://www.owasp.org/index.php/Testing_for_Cross_site_scripting_vulnerabilities
> so I will use the wiki and expand that with the one I wrote back in 2004
> and some other info.
>
>
> Regards
>
> Javier
>
>
>
> _______________________________________________
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-testing
>


-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html



