We just opened up a new webcast that involves Joel Scambray and me talking about our new book Web Hacking Exposed 2. We throw in some great web hacking examples. Should be fun to watch. If you have any feedback on it, let me know.
https://download.spidynamics.com/Registration/hackingexp_web.asp
I just watched the webcast and it was excellent. I plan to show it to my web engineering class next week.
Could you post the list of links here, since that slide isn't visible long enough to note them.
Thanks,
Mike
Samy's explanation: http://namb.la/popular/
Yamanner source code attachment: http://groovin.net/stuff/yammer.txt
Earlier Yahoo Mail XSS vulnerability using STYLE onload attribute: http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040599.html
Earlier Yahoo Mail vulnerability using commented </form>: http://www.mcgees.org/2003/07/24/yahoo-mail-exploit/
Yamanner countermeasures reported: http://antivirus.about.com/od/virusdescriptions/a/yamanner.htm
Robert Hansen (RSnake)'s XSS Cheat Sheet: http://ha.ckers.org/xss.html
SafeHTML (PHP): http://directory.fsf.org/all/SafeHTML.html
"How to Prevent XSS in ASP.NET": http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp
.NET Framework HttpServerUtility.HtmlEncode Method: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpServerUtilityClassHtmlEncodeTopic.asp
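Added here as an illustration of the countermeasure behind the last two references in the list above (HTML output encoding of untrusted data, the idea behind HttpServerUtility.HtmlEncode), this is example code, not code from the webcast, the book, the Yamanner worm, or any of the linked pages. It contrasts a webmail-style template that drops the sender and subject straight into markup with one that encodes each value for the context it lands in. The encoder, the template, and the two payload strings are all constructed for this example; the payloads are generic attribute-breakout and tag-injection strings, not the actual Yahoo Mail vectors discussed in the references.

```javascript
// Added example: minimal HTML output encoding as an XSS countermeasure.
// htmlEncode() covers the five characters that can change meaning in HTML
// text or inside a quoted attribute value. This is a constructed encoder in
// the spirit of .NET's HttpServerUtility.HtmlEncode, not a copy of it.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, '&amp;')   // must run first so later entities stay intact
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable rendering (constructed): untrusted mail headers concatenated
// straight into markup. A sender string can close the title attribute and
// add an event handler; a subject string can open a new tag.
function renderUnsafe(subject, from) {
  return '<div class="mail"><span title="' + from + '">' + subject + '</span></div>';
}

// Hardened rendering: every untrusted value is encoded before insertion.
// The same encoder is safe for both the attribute value and the element
// text because both contexts are quoted/HTML-text contexts.
function renderSafe(subject, from) {
  return '<div class="mail"><span title="' + htmlEncode(from) + '">' +
         htmlEncode(subject) + '</span></div>';
}

// Constructed sample payloads of the two classic shapes: a quote that breaks
// out of an attribute to add an inline handler, and a raw script tag in text.
const ATTR_BREAKOUT = '" onmouseover="alert(document.cookie)';
const TAG_INJECTION = '<script>alert(document.cookie)</script>';

// Crude check used only to show the difference: does the rendered markup
// still contain a literal handler attribute or script tag from user data?
function hasInjectedMarkup(html) {
  return html.indexOf('" onmouseover="') !== -1 ||
         html.indexOf('<script>') !== -1;
}

// Demonstration when run directly with node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderUnsafe(TAG_INJECTION, ATTR_BREAKOUT));
  console.log(renderSafe(TAG_INJECTION, ATTR_BREAKOUT));
}
```

Encoding on output is only the first half of the story the references tell: Yamanner-style worms also abused markup the filter deliberately allowed (the STYLE attribute case above), which is why a whitelist-based HTML sanitizer such as SafeHTML is the right tool when users are allowed to send rich HTML rather than plain text.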
This webcast is very interesting. I really liked that you pointed out that configuration is one of the most important parts of security, and not only the classical XSS, SQL injection, etc.