web application security lab

New Hands-On Cross Site Scripting Training Podcast

Dan Kuykendall over at Mightyseek just put out his second cross site scripting (XSS) podcast.  Honestly, I think this time around he is doing a much better job explaining not just how it works, but also some of the details around filter evasion.  He actually sets up a hackme-type server with a few examples that show how to evade filters.

Additionally, he plugs the cross site scripting cheat sheet (no, he wasn’t paid for the plug).  As dynamic website technology advances, and there are more unique forms of filters in the world, this is going to be more and more imperative over time.  Anyway, if you are new to XSS, Dan’s podcast is worth a listen.  It’s definitely not designed for the web application security professional, but rather, it’s a simple tutorial.  Hopefully this sort of thing will continue, because as the web grows, XSS and all forms of web application security will become a bigger issue.

3 Responses to “New Hands-On Cross Site Scripting Training Podcast”

  1. Carl Davis Says:

    Thought this was a great presentation and I plan to refer client developers to it.

    Kudos on a job very well done,

    - Carl

  2. Seek3r Says:

    Thanks for the good comments about the podcast. As things progress I do plan on digging into the real web app sec pro issues and basically discussing research and experiments in depth, but I figured I should start by laying out the groundwork and then moving into the hardcore details along the way.

  3. RSnake Says:

    Seek3r, I’m curious to see more. I think some of the stuff you are doing goes hand in hand with what Dave is working on http://blogged-on.de/xss/. Maybe there’s room to combine the two projects?