Re: [WEB SECURITY] RE: XSS-Phishing on Financial Sites (Tip of the iceberg)
- From: Gervase Markham <gerv@xxxxxxxx>
- Date: Sun, 25 Jun 2006 22:09:46 +0100

Brian Eaton wrote:
> I've been wondering whether web application developers could cooperate
> with browser vendors to find a way to make XSS and CSRF harder to
> exploit.

Yes, there is:
http://www.gerv.net/security/content-restrictions/
http://www.gerv.net/security/script-keys/
(The two approaches are complementary.)

I haven't given up on doing these; I just need to find the time. But if
someone else wants to try implementing them, that would be great. I
could find out for you who knows the various bits of code.

Gerv
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/