From 76dc6fe3b5c179b8b82d466cf18d5c9d46dd2647 Mon Sep 17 00:00:00 2001 From: leithoff Date: Fri, 27 May 2016 15:56:54 +0200 Subject: [PATCH] Created XSS Conclusion (markdown) --- XSS-Conclusion.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 XSS-Conclusion.md diff --git a/XSS-Conclusion.md b/XSS-Conclusion.md new file mode 100644 index 0000000..c0c3c91 --- /dev/null +++ b/XSS-Conclusion.md @@ -0,0 +1,28 @@ + +#### Section 4 - Conclusion. +By now I hope you all understand that Cross sight scripting is not as trivial +a 'security' hole as it appears on the surface as all of the simple demos +people post as examples. + +Identifying Cross Sight Scripting is the easy part. + +Foreseeing its possibilities and knowing how to use it to impact a user base +is the hard part, and is the part that is not widely discussed. + +With XSS so widely written about and so misunderstood alot of people have walked away +with the false conclusion that it is an annoyance and not a threat. + +The purpose of this paper is not to arm a hoard of script kiddies with a bunch of +proven tricks, but is to try to instill a sense as its actual dangers and impacts +with those who are in the position to do something about it. + +As with all knowledge, it can be a double sided sword. As rfp's paper on Sql injection +techniques brought out the dangers of Sql injection to the public I too hope that +this paper may have a similar effect and raising awareness and helping people to +limit their own (and their surfer populations) exposure. + +You may not loose your server to XSS attacks, it may not DOS your network, but you +may loose your users, and you may be the reason your clients lost their credit card +numbers, fell victim to identity theft or had their accounts tampered with. + +back to DeveloperDocs / CrossSiteScripting or prev. Section ((XSS Inside the mind, mental walk along of a XSS hack)) \ No newline at end of file
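Review bot: The new file spells its subject "Cross sight scripting" in the first paragraph and "Cross Sight Scripting" in the second, while the footer line uses "CrossSiteScripting"; use "Cross-Site Scripting" throughout so the page matches the term readers search for. The same pass should fix "alot" (a lot), "hoard of script kiddies" (horde), "instill a sense as its actual dangers" (of its), "loose" twice in the last paragraph (lose), and the casing of "Sql" and "DOS" (SQL, DoS). The footer line "back to DeveloperDocs / CrossSiteScripting or prev. Section ((XSS Inside the mind, ...))" uses bare page names and a double-parenthesis form that is not Markdown link syntax, so in a .md file it will likely render as plain text; convert these to Markdown links. The file also ends without a trailing newline.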