Category Archives: Cross Site Scripting
Hacme Books Week 4
This is the fourth in a series of five posts for the vulnerable web application Hacme Books. New posts for Hacme Books will post every Monday. Cross Site Scripting Attacks A Cross Site Scripting attack is most commonly used for …
Posted in Cross Site Scripting, Cryptographic Attacks
Tagged cross site scripting, Crypto
WebGoat Week 9
This is the ninth in a series of ten posts for the OWASP WebGoat vulnerable web application. New posts for WebGoat will post every Monday. Exploit Unchecked Email This lesson has two steps: first you are to send a malicious …
WebGoat Week 6
This is the sixth in a series of ten posts for the OWASP WebGoat vulnerable web application. New posts for WebGoat will post every Monday. Concurrency Thread Safety Problems First things first, you will need two separate browsers to do …
WebGoat Week 2
This is the second in a series of ten posts for the OWASP WebGoat vulnerable web application. New posts for WebGoat will post every Monday. LAB: Role Based Access Control Scheme Bypass Business Layer Access Control For this lab you …
WAVSEP – Web Application Vulnerability Scanner Evaluation Project
I have to admit that I really think this is a good idea. Shay Chen (@sectooladdict) has put together a project to evaluate Web Application Vulnerability scanners. He calls it WAVSEP. The project is currently being hosted on Google Code. …
Cross Site Scripting – So what?
Ok – so I decided to put in a few things about Cross Site Scripting. I wanted to give you enough information to be able to both understand XSS, and more importantly do it against a modern application protected by …
Posted in Cross Site Scripting
Tagged dom-based xss, filter evasion, reflected xss, stored xss