New Hands-On Cross Site Scripting Training Podcast
Dan Kuykendall over at Mightyseek just put out his second cross site scripting (XSS) podcast. Honestly, I think this time around he is doing a much better job explaining not just how it works, but also some of the details around filter evasion. He actually sets up a hackme-type server with a few examples that show how to evade them.
Additionally, he plugs the cross site scripting cheat sheet (no, he wasn’t paid for the plug). As dynamic website technology advances, and there are more unique forms of filters in the world, this is going to be more and more imperative over time. Anyway, if you are new to XSS, Dan’s podcast is worth a listen. It’s definitely not designed for the web application security professional, but rather, it’s a simple tutorial. Hopefully this sort of thing will continue, because as the web grows, XSS, and all forms of web application security, will become a bigger issue.



July 30th, 2006 at 12:54 am
Thought this was a great presentation and I plan to refer client developers to it.
Kudos on a job very well done,
- Carl

July 31st, 2006 at 1:13 pm
Thanks for the good comments about the podcast. As things progress I do plan on digging into the real web app sec pro issues and basically discuss research and experiments in depth, but I figured I should start by laying out the groundwork and then moving into the hardcore details along the way.

August 2nd, 2006 at 12:25 pm
Seek3r, I’m curious to see more. I think some of the stuff you are doing goes hand in hand with what Dave is working on http://blogged-on.de/xss/. Maybe there’s room to combine the two projects?