-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

> I know there's a lot of stupid jokes about XSS vulns right
> now, but I was wondering if there is any firewall or IDS
> software that can look for suspicious GET requests ... i.e.
>
> GET /vulnerablewebapp/?<XSS SHZNIT>

Watch out! Not just GET requests should be checked. These sources should help you:

http://www.computec.ch/mruef/advisories/black_ice_pc_protection_xss_evasion.txt
http://www.securityfocus.com/bid/7942

Bye, Marc

- -- 
) scip AG (
Technoparkstr. 1
8005 Zürich
T +41 1 445 18 18
F +41 1 445 18 19
[EMAIL PROTECTED]
www.scip.ch
- - Latest IT security vulnerabilities -

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPx46gBe5hzJzqVMhEQLo3ACePQMjlsnO+dUyKugObsE6sBWLEDUAoORo
ZO9MgywPrJRI05CdfXba86tU
=6byH
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html