Source

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

Page Contents

OVERVIEW OF THE SIN
CWE REFERENCES
AFFECTED LANGUAGES
THE SIN EXPLAINED
SPOTTING THE SIN PATTERN
SPOTTING THE SIN DURING CODE REVIEW
TESTING TECHNIQUES TO FIND THE SIN
EXAMPLE SINS
REDEMPTION STEPS
EXTRA DEFENSIVE MEASURES
OTHER RESOURCES
SUMMARY

WEB CLIENT–RELATED VULNERABILITIES (XSS)

<anchor role="natural" id="p2001b4bf9980064"></anchor><emphasis role="bold">OVERVIEW OF THE SIN</emphasis> The advent of desktop and web-based gadgets and widgets has ushered in a more common kind of sin: that of the type-0, or DOM-based, cross-site scripting vulnerability. Notice we said “more common” and not “new”; these sins are not new, but they have become more common over the last couple of years. The two most sinful forms of code that suffer type-…

Citation

Michael Howard; David LeBlanc; John Viega: 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. WEB CLIENT–RELATED VULNERABILITIES (XSS), Chapter (McGraw-Hill Professional, 2010), AccessEngineering Export

Sign in

Request a Free Trial for Your Organization

Source

Page Contents

WEB CLIENT–RELATED VULNERABILITIES (XSS)

Please sign in to view the rest of this entry.

Citation