What's on your mind?

Re: Web Hacking Exposed 2 Webcast

nEUrOO — Wed, 29 Nov 2006 13:35:35 GMT

This webcast is very interesting.
I really liked that you pointed out that the configuration is one of the most important part for the security and not only the classical XSS, SQL Injection etc.

Re: Web Hacking Exposed 2 Webcast

caleb — Mon, 27 Nov 2006 09:49:58 GMT

§Samy’s explanation
http://namb.la/popular/

§Yamanner source code attachment
http://groovin.net/stuff/yammer.txt

§Earlier Yahoo Mail XSS vulnerability using STYLE onload attribute:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040599.html

§Earlier Yahoo Mail vulnerability using commented </form>:
http://www.mcgees.org/2003/07/24/yahoo-mail-exploit/

§Yamanner countermeasures reported:
http://antivirus.about.com/od/virusdescriptions/a/yamanner.htm
§Robert Hansen (RSnake)’s XSS Cheat Sheet
http://ha.ckers.org/xss.html

§SafeHTML (PHP)
http://directory.fsf.org/all/SafeHTML.html

§“How to Prevent XSS in ASP.NET”
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000004.asp

§.NET Framework HttpServerUtility.HtmlEncode Method
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfSystemWebHttpServerUtilityClassHtmlEncodeTopic.asp

Re: Web Hacking Exposed 2 Webcast

Anonymous — Tue, 21 Nov 2006 15:32:08 GMT

I just watched the webcast and it was excellent. I plan to show it to my web engineering class next week.

Could you post the list of links here, since that slide isn't visible long enough to note them.

Thanks,

Mike

Web Hacking Exposed 2 Webcast

caleb — Fri, 10 Nov 2006 11:33:41 GMT

We just opened up a new webcast that involves me and Joel Scambray talking about our new book Web Hacking Exposed 2. We throw in some great webhacking examples. Should be fun to watch. If you have any feedback on it let me know

https://download.spidynamics.com/Registration/hackingexp_web.asp