Thursday, 28 May 2009

Cross site scripting (XSS) links to information

Useful resources explaining cross-site scripting (XSS) and how to write code that guards against it.

CERT® Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
http://www.cert.org/advisories/CA-2000-02.html

Cross-site Scripting (XSS)
http://www.owasp.org/index.php/Cross-site_scripting

Data Validation
http://www.owasp.org/index.php/Data_Validation

Reviewing Code for Cross-site scripting
http://www.owasp.org/index.php/Review_Code_for_Cross-site_scripting

XSS (Cross Site Scripting) Prevention Cheat Sheet
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

OWASP Enterprise Security API
"OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Just as web applications and web services can be Public Key Infrastructure (PKI) enabled (PK-enabled) to perform for example certificate-based authentication, applications and services can be OWASP ESAPI-enabled (ES-enabled) to enable applications and services to protect themselves from attackers."
http://www.owasp.org/index.php/ESAPI

MS AntiXSS
"AntiXSS 3.0 helps you to protect your current applications from cross-site scripting attacks, at the same time helping you to protect your legacy application with its Security Runtime Engine. Working with customer and partner feedback, AntiXSS 3.0 incorporates radically and innovatively rethought features, offering you a newer, more powerful weapon against the often employed cross-site scripting (XSS) attack."
http://www.codeplex.com/AntiXSS
