[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks

From: Amit Klein <aksecurity@xxxxxxxxx>
Subject: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
Date: Tue, 23 Jan 2007 09:50:06 +0200

Anurag Agarwal wrote:

I have created a xss filter to protect from xss attacks. Though i have filtered only for 8 characters but i was able to test against all the attacks mentioned in the RSnake's cheat sheet. Appscan was not able to detect any xss attacks on it. I request the application security community to help test this filter. 90% i am sure that you wont be able to perform any xss attack on it, the rest 10% i will find out after the feedback from the community. For the curious mind, it is written in java

If this is an open source project - then where is the source code? if it's not - then why should we bother testing it?

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
  - From: Ryan Barnett

References:
- [WEB SECURITY] xss filter to protect from xss attacks
  - From: Anurag Agarwal

Prev by Date: [WEB SECURITY] xss filter to protect from xss attacks
Next by Date: Re: [WEB SECURITY] xss filter to protect from xss attacks
Previous by thread: [WEB SECURITY] xss filter to protect from xss attacks
Next by thread: Re: [WEB SECURITY] Re: [Webappsec] xss filter to protect from xss attacks
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site