mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-28 02:43:22 +01:00
Created XSS Conclusion (markdown)
parent
8f4b9d3e71
commit
76dc6fe3b5
28
XSS-Conclusion.md
Normal file
28
XSS-Conclusion.md
Normal file
@ -0,0 +1,28 @@
|
||||
|
||||
#### Section 4 - Conclusion.
|
||||
By now I hope you all understand that Cross sight scripting is not as trivial
|
||||
a 'security' hole as it appears on the surface as all of the simple demos
|
||||
people post as examples.
|
||||
|
||||
Identifying Cross Sight Scripting is the easy part.
|
||||
|
||||
Foreseeing its possibilities and knowing how to use it to impact a user base
|
||||
is the hard part, and is the part that is not widely discussed.
|
||||
|
||||
With XSS so widely written about and so misunderstood alot of people have walked away
|
||||
with the false conclusion that it is an annoyance and not a threat.
|
||||
|
||||
The purpose of this paper is not to arm a hoard of script kiddies with a bunch of
|
||||
proven tricks, but is to try to instill a sense as its actual dangers and impacts
|
||||
with those who are in the position to do something about it.
|
||||
|
||||
As with all knowledge, it can be a double sided sword. As rfp's paper on Sql injection
|
||||
techniques brought out the dangers of Sql injection to the public I too hope that
|
||||
this paper may have a similar effect and raising awareness and helping people to
|
||||
limit their own (and their surfer populations) exposure.
|
||||
|
||||
You may not loose your server to XSS attacks, it may not DOS your network, but you
|
||||
may loose your users, and you may be the reason your clients lost their credit card
|
||||
numbers, fell victim to identity theft or had their accounts tampered with.
|
||||
|
||||
back to DeveloperDocs / CrossSiteScripting or prev. Section ((XSS Inside the mind, mental walk along of a XSS hack))
|
Loading…
Reference in New Issue
Block a user