Defending ASP.Net apps against XSS
OWASP
18.01.2012
Mateusz Olejarka, VSoft S.A., Software Specialist, OWASP Poland, mateusz.olejarka@
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
Agenda
Short history of XSS
XSS defined
Defence
Resources
Q&A
Short history of XSS
XSS is at least 15 years old (it was born somewhere around 1996)
Back then you could use JavaScript to create an iframe, load another page inside it and script it any way you liked :)
The same-origin policy (SOP) was introduced in Netscape Navigator 2.0
2005: "Samy", the first XSS worm, hit MySpace; it finally went offline, 1 000 000 infections in less than 24 hours
XSS defined
"XSS flaw occurs when application includes user supplied data in a page sent to the browser without properly validating or escaping that content" (from OWASP TOP 10)
XSS can be
Stored
Reflected
DOM based