Web Directory

» 'Cross-site scripting' tears holes in Net security
   USA Today article by Byron Acohido that details WhiteHat Security's assessment of Hotmail, Yahoo, Amazon, and America Online.
   http://www.usatoday.com/tech/news/2001-08-31-hotmail-security-side.htm

» Apache: Cross Site Scripting Info
   How the attack affects websites hosted on the Apache webserver and Apache specific issues.
   http://httpd.apache.org/info/css-security/

» Bypassing Javascript Filters - The Flash Attack
   Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.
   http://eyeonsecurity.org/papers/flash-xss-description.htm

» CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
   Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC).
   http://www.cert.org/advisories/CA-2000-02.html

» CNN.com: Schwab's Site Could be Vulnerable
   Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September.
   http://cnn.com/2000/TECH/computing/12/08/schwab.cost.idg/

» Cross Site Scripting Vulnerabilities
   Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
   http://www.devitry.com/security.html

» InfoWorld Opinions: Cross-site Scripting
   Article on this often overlooked threat with links.
   http://www.infoworld.com/article/02/05/03/020506opsecurity_1.html

» perl.com: Preventing Cross-site Scripting Attacks
   Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest.
   http://www.perl.com/pub/a/2002/02/20/css.html