XSS is the Top Security Vulnerability

Don’t take my word for it, has just published a paper describing XSS as the top security risk of all vulnerabilities. According to MITRE it’s true! Go figure! Well I can’t say it surprised me too much to hear it, but it was surprising to hear it happen so quickly. Yah, it may not be as obviously dangerous as other attacks, because in and of itself it is not an attack; it is a vector by which to enable other attacks.

However, it’s great to see “the little vulnerability that could” finally grow into the largest single threat that faces the internet today. As Jeremiah Grossman and I laughed about, we should make a tee-shirt that says “Veni Vedi XSSdi” - that is “I came I saw I XSSd”.

3 Responses to “XSS is the Top Security Vulnerability”

  1. Kyran Says:

    That’s amazing. Hopefully this will get companies with a web-presence taking extra steps to prevent XSS.

  2. Operation n » Blog Archive » Targeted Web Attacks Says:

    […] I recently released an article titled, “Social networks the New FingerD”. This article gave an example of using LinkedIn in passive username enumeration attacks. This article will discuss using Search engines and OpenPGP key servers as additional enumeration resources. None of these ideas are new, but in my opinion require a bit more light, especially when looking at RSnake’s recent XSS Top Vulnerability post […]

  3. Jaimie Sirovich Says:

    Funny, I guess you were reading my mind when you posted this … or vice versa =) Check it out.