
Archived entries for xss

Web Application Exploits and Defenses

Google Code offers a hands-on security training: the Jarlsberg Codelab. I have just skimmed the instructions and exercises and think it sounds very good. I think I will hand it to the interns tomorrow.

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Website Security Basics

Christian Heilmann has published an informative introduction to website security in Smashing Magazine.

Disclaimer: the things we’ll talk about in this article today won’t make you a security expert, just as buying a Swiss Army knife won’t make you a locksmith or buying a whip won’t make you a lion tamer. The purpose here is to raise awareness and perhaps make some of that security mumbo-jumbo a bit more understandable to you.

WebScarab, Paros Tutorial

Jeff Orloff shows how to use WebScarab and Paros Proxy to find possible exploits on your own site.

This article looks at some of the more popular vulnerabilities, such as cross-site scripting and SQL injections, and introduces tools you can use to help safeguard not only your sites, but the data and networks that power them.

XSS

On Dev.Opera there is a very interesting article titled JavaScript for hackers.

Each of the techniques described can be used for XSS filter evasion, which was my original intention when developing them. However, learning such JavaScript can dramatically increase your knowledge of the language, helping you become better at cleaning up input, and increase web application security.

There are some pretty wild things in there; definitely read it.

XSS Rays

The XSS tester bookmarklet XSS Rays is a useful little tool in the web developer's toolbox.

It works as a bookmarklet and scans any links, paths or forms on the target scanning page (even cross domain). You can add vectors to it quite easily and it includes some of the most common injections I’ve found on sites over the years. I’ve tested it on IE7/IE8 and Firefox but it could work in other browsers.



Copyright © 2004–2009. All rights reserved. – Impressum