B - I've seen literature which says servers should
block ' ; ( ) + - characters. If one has not
blocked all these types what are the implications
(i.e., if only types are blocked) ?
while and are the first necessary step... those
other special characters can sometimes be used to
Better yet, only parse out and use the metacharacters that you absolutely
require and ignore the rest.
--
John Daniele
Technical Security Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: [EMAIL PROTECTED]
Web: http://www.tsintel.com
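The allowlist advice in the reply above, set beside the character blocklist from the question, as an added example that is not part of the original thread. The field names, their allowed character sets and the sample inputs are assumptions constructed for illustration.

```python
import re

# Blocklist from the question in the thread: strip only these characters.
BLOCKED = set("';()+-")


def blocklist_filter(value: str) -> str:
    """Remove the blocked characters and pass everything else through."""
    return "".join(ch for ch in value if ch not in BLOCKED)


# Allowlist: each field names the only characters it requires.
# Field names and character sets are hypothetical, chosen for this example.
ALLOWED = {
    "username": re.compile(r"[A-Za-z0-9_]"),
    "surname": re.compile(r"[A-Za-z' -]"),
}


def allowlist_filter(field: str, value: str, max_len: int = 32) -> str:
    """Keep only the characters the field requires and ignore the rest."""
    rule = ALLOWED.get(field)
    if rule is None:
        # A field without a rule is a configuration error, not a pass-through.
        raise KeyError(f"no allowlist defined for field {field!r}")
    kept = "".join(ch for ch in value if rule.fullmatch(ch))
    return kept[:max_len]


# Constructed sample inputs: harmless markup and a legitimate surname.
SAMPLES = [("username", "<b>john_d</b>"), ("surname", "O'Brien-Smith")]

if __name__ == "__main__":
    for field, raw in SAMPLES:
        print(field, repr(raw),
              "blocklist ->", repr(blocklist_filter(raw)),
              "allowlist ->", repr(allowlist_filter(field, raw)))
```

The blocklist passes the markup unchanged and damages the legitimate surname, while the allowlist does the reverse. A character the allowlist keeps, such as the apostrophe in a surname, still has to be encoded for whatever context the value is later written into.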
Michael Ungar wrote:
Okay, I understand that part. Only piece I do not
fully understand is
A - Assuming one does not allow Active X to run on
their machine, would not the Java sandbox limit
sending cookie or other data to another site? I
thought Java sandbox limits what mobile code can do
So I've noticed a couple questions relating to Cross Site Scripting
ask for an explanation... and how to test for the vulnerabilities.
CSS is still a commonly misunderstood attack and the dangers
unexplained.
I won't go into GREAT detail, but I will try and cover some of the
basics as I know them.