XSS is the Top Security Vulnerability
Don’t take my word for it: Networkworld.com has just published a paper describing XSS as the top security risk of all vulnerabilities. According to MITRE it’s true! Go figure! Well, I can’t say it surprised me too much to hear it, but it was surprising to hear it happen so quickly. Yeah, it may not be as obviously dangerous as other attacks, because in and of itself it is not an attack; it is a vector by which to enable other attacks.
However, it’s great to see “the little vulnerability that could” finally grow into the largest single threat that faces the internet today. As Jeremiah Grossman and I laughed about, we should make a tee-shirt that says “Veni Vedi XSSdi” - that is “I came I saw I XSSd”.



September 20th, 2006 at 1:41 pm
That’s amazing. Hopefully this will get companies with a web-presence taking extra steps to prevent XSS.
September 21st, 2006 at 4:37 am
[…] I recently released an article titled, “Social networks the New FingerD”. This article gave an example of using LinkedIn in passive username enumeration attacks. This article will discuss using Search engines and OpenPGP key servers as additional enumeration resources. None of these ideas are new, but in my opinion require a bit more light, especially when looking at RSnake’s recent XSS Top Vulnerability post […]
September 21st, 2006 at 1:17 pm
Funny, I guess you were reading my mind when you posted this … or vice versa =) Check it out.