# Friday, October 14, 2005

My nephew, John Hynds, also happens to be a security consultant (big surprise), and he pointed me at a recent attack on MySpace.com that we think is a perfect example of a Cross Site Scripting (XSS) exploit.

We find that most people have trouble understanding Cross Site Scripting as an exploit, as opposed to more transparent attacks like brute force or even SQL Injection. The difference is that the attacker's payload never runs against the server: the site stores or reflects it, and it executes in other users' browsers, with their session and their privileges.

One key takeaway from this is that while you are welcome to try to detect when a user inputs malicious data, that is a war of escalation: every pattern you block invites a variant that slips past it. Instead you should concentrate on only allowing valid data, that is, an allowlist of the characters, tags and attributes you actually expect. It is much easier to screen for and far less likely to fail the way MySpace.com's filtering did in this example.
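To make the allowlist point concrete, here is an added example (not code from the original post, and not MySpace's code) contrasting a blacklist filter with allowlist validation and output encoding. The inputs are constructed for the demonstration, and the tag and attribute policy is a hypothetical one chosen for it.

```python
import html
import re
from html.parser import HTMLParser


def blacklist_filter(text: str) -> str:
    """The "detect bad input" approach: strip the literal <script> tags.

    A filter like this runs once over the input and does not rescan, so a
    payload built around the thing it removes reassembles itself, and any
    payload that avoids the blocked string (an event handler attribute, for
    instance) is never touched at all."""
    return text.replace("<script>", "").replace("</script>", "")


# Allowlist for a plain field such as a display name: accept only the
# characters and length we expect, reject everything else outright.
NAME_RE = re.compile(r"[A-Za-z0-9 _.'-]{1,40}")


def valid_display_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def render_display_name(name: str) -> str:
    """Validate on input, then HTML-encode on output; both layers are cheap."""
    if not valid_display_name(name):
        raise ValueError("display name contains unexpected characters")
    return html.escape(name, quote=True)


# For a rich-text field (a profile that may carry some HTML) the same idea
# applies one level up: an allowlist of tags and attributes, with everything
# else dropped or encoded. This policy is hypothetical, chosen for the example.
ALLOWED_TAGS = {"b", "i", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_RE = re.compile(r"https?://", re.IGNORECASE)


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # unknown tag dropped; its text still arrives via handle_data
        kept = ""
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, set()) and value and SAFE_URL_RE.match(value):
                kept += ' %s="%s"' % (name, html.escape(value, quote=True))
        self.out.append("<%s%s>" % (tag, kept))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Everything that is not an allowed tag is encoded, so the only angle
        # brackets in the output are the ones this class emitted itself.
        self.out.append(html.escape(data, quote=True))


def sanitize_html(fragment: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    nested = "<scr<script>ipt>alert(1)</scr</script>ipt>"
    handler = "<img src=x onerror=alert(1)>"
    print(blacklist_filter(nested))   # the removed text reassembles into <script>
    print(blacklist_filter(handler))  # nothing on the blacklist, passes untouched
    print(sanitize_html(nested))      # no executable markup survives
    print(sanitize_html(handler))
    print(render_display_name("Mary O'Neil"))
```

The blacklist has to anticipate every encoding, nesting trick and attribute that can carry script; the allowlist only has to describe the handful of things the field legitimately contains, and anything outside that description is rejected or encoded without the author ever having heard of the bypass.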

Wednesday, November 17, 2010 11:36:44 PM (Eastern Standard Time, UTC-05:00)
a user inputs malicious data, but that is a war of escalation. Instead you should concentrate on only allowing valid data, it is much easier
Friday, December 17, 2010 1:00:05 PM (Eastern Standard Time, UTC-05:00)
nice post
Monday, December 20, 2010 9:15:12 AM (Eastern Standard Time, UTC-05:00)
Hi, I have been reading this blog for some time now but never bothered to comment until today. Wanted to let you know that I am a fan and enjoy your work. Thanks.
Tuesday, December 21, 2010 12:33:08 PM (Eastern Standard Time, UTC-05:00)
I agree with your blog, lucky to read your blog! It makes me have the courage to stick to it!
Monday, January 03, 2011 2:17:51 AM (Eastern Standard Time, UTC-05:00)
Nice article!