
[WEB SECURITY] How Prevalent Are XSS Vulnerabilities?



Last year I made a blog posting detailing an experiment leveraging the
Google Search API to seek empirical evidence on the prevalence of SQL
injection vulnerabilities. Since that time, I've wanted to do something
similar for XSS vulnerabilities and have finally found the time to do
so. The bottom line - 47 of the 272 sites (17.3%) included in the
experiment were vulnerable to XSS. While some of the vulnerable sites
had rudimentary blacklists in place, they were not effective
countermeasures. The more concerning statistic is that this research
looked at only a single input vector on each website identified by
Google and even then nearly one in five sites were found to be
vulnerable. It looks like we have our work cut out for us. The blog has
been posted to: 

http://portal.spidynamics.com/blogs/msutton/archive/2007/01/31/How-Prevalent-Are-XSS-Vulnerabilities_3F00_.aspx

Michael Sutton
Security Evangelist
SPI Dynamics
http://portal.spidynamics.com/blogs/msutton


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


