[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] White Paper: Cross-Site Scripting Worms and Viruses

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] White Paper: Cross-Site Scripting Worms and Viruses
Date: Wed, 3 May 2006 12:17:55 -0700

Cross-Site Scripting Worms and Viruses[1] white paper, describes how "XSS outbreaks are capable of propagating faster and cleaner than even the most notorious worms such as Code Red, Slammer and Blaster." For comparison, the Samy Worm[2] that shutdown MySpace last year controlled enough web browsers to possibly leverage "122 Gb/ s of throughput and 1,000,000 HTTP requests per/sec", about 100x the resources of the massive DDoS attack[3] that knocked out Yahoo, Schwab, and Amazon.com in early 2000. Currently we are in the early stages of XSS malware exploration.

[1] http://www.whitehatsec.com/downloads/WHXSSThreats.pdf
[2] http://namb.la/popular/
[3] http://news.bbc.co.uk/1/hi/sci/tech/635444.stm


Regards,

Jeremiah Grossman
Founder and CTO
WhiteHat Security, Inc.
http://www.whitehatsec.com


- Sponsored Advertisement --------------------------------------------------
The Software Security Summit is the only event that addresses security
issues at the application development level. Join us Jun 5-7, Baltimore, MD.
http://www.s-3con.com
----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

Prev by Date: Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth)
Next by Date: Re: [WEB SECURITY] cookies a fundamental threat?
Previous by thread: [WEB SECURITY] security etiquette?
Next by thread: [WEB SECURITY] Java -noverify PoC
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org