Archive for the ‘XSS’ Category

Scan AJAX for XSS entry points

Friday, February 16th, 2007

Cross site scripting (XSS) is a big problem in web application environments.  In fact, the 2007 OWASP Top Ten list of web application vulnerabilities has XSS at #1.  In a recent paper, Shreeraj Shah, founder of Net Square, describes in detail the process for protecting applications developed using the AJAX framework.  It also includes scripts to automatically scan code for XSS vulnerabilities.  The paper can be found here.