[Owasp-testing] Article content

Matteo Meucci matteo.meucci at gmail.com
Thu Oct 12 10:39:15 EDT 2006


Wow,
I like it...that's very cool, practical and pragmatic as Eoin said.

Mat


On 10/12/06, Daniel Cuthbert <daniel.cuthbert at owasp.org> wrote:
> Examples are good. Ideally they should give an introduction of what
> the tester is testing for, a brief explanation and the actual method
> used to test and desired output.
>
>
> =======================================================
> Topic:
>
> XSS IFRAME Test
>
> Explanation:
>
> HTML frames allow authors to present documents in multiple views,
> which may be independent windows or subwindows. These are commonly
> found to be vulnerable, and if the web application allows iframes,
> there could be further XSS vulnerabilities present
>
> Testing for IFRAME vulnerabilities:
> Using a proxy, recreate the IFRAME code with the following code:
> <IFRAME SRC="javascript:alert('OWASP IFRAME XSS Test');"></IFRAME>
>
> Result Expected:
> An alert box with the caption "OWASP IFRAME XSS Test" should appear
>
> =======================================================
>
>
>
>
> On 12 Oct 2006, at 21:21, Matteo Meucci wrote:
>
> > Yep,
> > Eoin is right. We don't need to write down all the theory about a
> > particular attack, but just a brief description. The added value of
> > this guide is our experience on how to test. Focus on real
> > case-studies will be great. IMHO this concept has to be our guideline
> > in writing new articles.
> > Other feedback?
> >
> > Mat
> >
> > On 10/12/06, Eoin <eoin.keary at owasp.org> wrote:
> >> Guys,
> >>
> >> when doing these articles can we ensure that the articles are
> >> practical and
> >> pragmatic?
> >> I.e. Examples of the test discussed and less academic theory.
> >> Just that, there are many books out there on the "theory" but what
> >> we need
> >> is examples of "how to test"..
> >>
> >> What do y'all think?
> >>
> >>
> >> --
> >> Eoin Keary OWASP - Ireland
> >> http://www.owasp.org/local/ireland.html
> >>  http://www.owasp.org/index.php/OWASP_Testing_Project
> >> http://www.owasp.org/index.php/OWASP_Code_Review_Project
> >
> >
> > --
> > Matteo Meucci
> > OWASP-Italy Chair, CISSP, CISA
> > site: http://www.owasp.org/index.php/Italy
> > mail: matteo.meucci at owasp.org
> > ml: http://lists.owasp.org/mailman/listinfo/owasp-italy
>
>


-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
site: http://www.owasp.org/index.php/Italy
mail: matteo.meucci at owasp.org
ml: http://lists.owasp.org/mailman/listinfo/owasp-italy
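
The "Result Expected" step of the IFRAME test case quoted above, as an added example that is not part of the original thread: it classifies whether a response returned the submitted IFRAME with a script-bearing SRC, returned it HTML-encoded, or neither. The function names, the scheme list and the sample responses are assumptions constructed for illustration.

```javascript
// Added example: classify how a response body handled a submitted IFRAME test string.
// Regex-based on purpose (no DOM needed); assumes attribute values contain no '>'.
const SCRIPT_SCHEMES = ['javascript:', 'vbscript:', 'data:']; // data: documents can carry script
const NAMED = { colon: ':', tab: '\t', newline: '\n', amp: '&', quot: '"' };
const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');

// Decode, in a single pass, the character references a browser resolves inside an
// attribute value. Deliberately over-inclusive (case-insensitive names, optional ';').
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]{1,6})|#(\d{1,7})|(colon|tab|newline|amp|quot));?/gi,
    (_, hex, dec, name) => hex ? fromCode(parseInt(hex, 16))
      : dec ? fromCode(parseInt(dec, 10)) : NAMED[name.toLowerCase()]);
}

// URL parsers drop tab/CR/LF anywhere and leading control characters or spaces,
// so the scheme comparison must run on the normalized value.
function normalizeUrl(raw) {
  return raw.replace(/[\t\n\r]/g, '').replace(/^[\u0000-\u0020]+/, '').toLowerCase();
}

// Returns { verdict, tags }: 'executable' if any iframe tag carries a script-bearing
// src, 'encoded' if the markup came back HTML-encoded, 'none' otherwise.
function classifyReflection(body) {
  const tags = [];
  for (const [tag] of body.matchAll(/<iframe\b[^>]*>/gi)) {
    const m = tag.match(/\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i);
    if (!m) continue;
    const url = normalizeUrl(decodeEntities(m[1] ?? m[2] ?? m[3]));
    if (SCRIPT_SCHEMES.some((s) => url.startsWith(s))) tags.push(tag);
  }
  if (tags.length) return { verdict: 'executable', tags };
  if (/&lt;iframe/i.test(body)) return { verdict: 'encoded', tags };
  return { verdict: 'none', tags };
}

// Constructed sample responses (not captured from a real application).
const samples = {
  reflectedRaw: `<p>Comment:</p><IFRAME SRC="javascript:alert('OWASP IFRAME XSS Test');"></IFRAME>`,
  reflectedEncoded: `<p>Comment:</p>&lt;IFRAME SRC=&quot;javascript:alert('OWASP IFRAME XSS Test');&quot;&gt;&lt;/IFRAME&gt;`,
  benignFrame: `<iframe src="https://example.org/widget"></iframe>`,
};
for (const [name, body] of Object.entries(samples)) {
  console.log(name, '->', classifyReflection(body).verdict);
}
```

An 'encoded' verdict means the application neutralized the markup on output; 'executable' is the case in which the alert box from the test description would appear.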


