Template:Cross Site Scripting Scanning


Cross Site Scripting Scanning

Cross Site Scripting (XSS) is a common vulnerability on the web these days.

The presentation starts off with an introduction to XSS with some examples.

What is the problem?
- Untrusted data gets inserted into web pages.

How is it exploited?
* JavaScript Insertion
* Phishing attacks
* "Defacements"
* Social Engineering

What do web developers need to know about XSS?
* Filter untrusted data
* Use Perl's taint mode

Introduction of a new, free XSS tool first released at WHATTHEHACK

What is it?
- An XSS vulnerability scanner that helps to automate the process of looking for XSS vulnerabilities.

How do I use it?
- Come to the talk...

What do I do once a vulnerability is found?
- Fix your site!
- It wasn't your site? Exploit or report it! ;-)

Q&A session

Target audience:
* Web developers
* Penetration testers

All code shown during the talk is in Perl and JavaScript. Some knowledge of Perl and JavaScript is recommended.
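The two developer recommendations above (filter untrusted data, use Perl's taint mode) can be combined as in the following added example, which is not code from the talk. The function names escape_html and filter_name and the sample inputs are constructed for illustration. It also shows that taint mode marks untrusted data but does not stop it from being printed into a page, so output encoding is still required.

```perl
#!/usr/bin/perl -T
# Added example. Run as ./taint_xss.pl or: perl -T taint_xss.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string; appending it marks a constructed sample as
# tainted, the way real request parameters or environment data would be.
my $TAINT = substr(join('', $0, $^X, values %ENV), 0, 0);

# Encode the five characters that are significant in HTML text and in
# quoted attribute values.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Allowlist filter: return the value (untainted through the regex capture)
# only if it is 1-32 letters, digits, spaces, '_' or '-'; otherwise undef.
sub filter_name {
    my ($in) = @_;
    return $in =~ /\A([A-Za-z0-9 _-]{1,32})\z/ ? $1 : undef;
}

# Constructed sample inputs standing in for a "name" request parameter.
my @samples = ('Alice', 'Bob & <b>Carol</b>', '"quoted" value');

for my $sample (@samples) {
    my $raw  = $sample . $TAINT;       # now behaves like untrusted input
    my $name = filter_name($raw);
    printf "input tainted=%d  passes filter=%s\n",
        tainted($raw) ? 1 : 0, defined $name ? 'yes' : 'no';
    # Taint mode does not stop tainted data reaching print, so the value
    # is encoded at output whether or not it passed the filter.
    print '  <p>Hello, ', escape_html(defined $name ? $name : $raw), "</p>\n";
}
```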

English, Lecture, Track