in XSS session at #heweb08
Inject scripts into browser
in 2006, XSS vulnerabilities made up almost 70%
education has the highest vulnerability
XSS is usually just the first step in a larger attack
XSS is Platform independent
XSS Can spread much faster than traditional viruses/malware
Vulnerability only exists in the URL
Steps: Input Filtering, Input Validation, Output Encoding
XSS Me - a Firefox extension that checks vulnerabilities in the current page.
every app at Mizzou has to go through an injection/XSS audit before launch.
scary stuff - where to begin with our own site???