Jan 21 2009
XSS Prevention Cheat Sheet
Those of you interested in coding and programming — specifically those of you who are dabbling with releasing your own scripts — are probably already aware of my lengthy rambles on sanitising input data, not trusting anything, etc. However, where I leave you to discover the nuances of individual language security on your own, OWASP (the Open Web Application Security Project) have gone straight to the core of one of the biggest security threats to online applications and scripts: XSS.
I heartily recommend reading, digesting, favouriting and then re-reading the XSS (Cross Site Scripting) Prevention Cheat Sheet.
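The core message of the cheat sheet is that the right defence depends on where in the page the untrusted data ends up, not on filtering what comes in. As an added illustration (this is my own Python, not code from the post or from OWASP; the function names and the constructed payload are mine), here is one untrusted string placed into four output contexts, each with the context-specific encoding the cheat sheet prescribes, next to the blacklist-style "strip the script tags" approach that leaves an attribute-breakout payload untouched:

```python
# Added example: context-specific output encoding, the core idea of the OWASP XSS
# Prevention Cheat Sheet. Helper names are my own; not from the original post.
import html
import re
from urllib.parse import quote


def encode_html_body(s: str) -> str:
    """Rule #1: HTML-entity encode untrusted data placed in element content."""
    return html.escape(s, quote=True)  # & < > " ' become entities


def encode_html_attr(s: str) -> str:
    """Rule #2: attribute context. Always quote the attribute, and encode every
    non-alphanumeric character as &#xHH; so that no quote, space or '=' from the
    data can terminate the attribute or start a new one (e.g. onmouseover=)."""
    return "".join(c if c.isalnum() else f"&#x{ord(c):X};" for c in s)


def encode_js_string(s: str) -> str:
    """Rule #3: untrusted data inside a quoted JavaScript string literal.
    Every non-alphanumeric character becomes \\xHH (or \\uHHHH above 0xFF), so
    neither the JS parser (quotes, backslashes) nor the HTML parser
    (e.g. a literal '</script>') sees a delimiter."""
    out = []
    for c in s:
        if c.isalnum() and ord(c) < 128:
            out.append(c)
        elif ord(c) < 256:
            out.append(f"\\x{ord(c):02X}")
        else:
            out.append(f"\\u{ord(c):04X}")
    return "".join(out)


def encode_url_param(s: str) -> str:
    """Rule #5: untrusted data as a URL query value: percent-encode everything."""
    return quote(s, safe="")


def naive_strip_script(s: str) -> str:
    """The input-blacklist approach: remove <script> tags and hope. Shown only
    to demonstrate what it misses."""
    return re.sub(r"</?script[^>]*>", "", s, flags=re.IGNORECASE)


def render_profile(name: str) -> str:
    """Render a small fragment with the same untrusted value in four contexts,
    each encoded for the context it lands in."""
    return (
        f"<p>Hello, {encode_html_body(name)}</p>\n"
        f'<input value="{encode_html_attr(name)}">\n'
        f'<a href="/search?q={encode_url_param(name)}">search</a>\n'
        f'<script>var user = "{encode_js_string(name)}";</script>'
    )


# Constructed attacker input: closes the value="..." attribute and adds an
# event handler. It contains no <script> tag, so tag-stripping does nothing.
PAYLOAD_ATTR = '" onmouseover="alert(1)'


def main() -> None:
    print("naive strip leaves payload intact:", naive_strip_script(PAYLOAD_ATTR) == PAYLOAD_ATTR)
    print(render_profile(PAYLOAD_ATTR))


if __name__ == "__main__":
    main()
```

Two things worth noticing when you run it: the blacklist filter returns the payload unchanged, because there was never a `<script>` tag to remove; and the encoded output never contains a literal `onmouseover="` in any of the four contexts, because the `=` and `"` that the payload relies on have been turned into entities, percent-escapes or `\xHH` sequences appropriate to each context.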
It’s either that, or you risk ending up on the milw0rm web apps exploits/vulns list. (Talking of which… any of you running Dodo’s Quiz might want to read this advisory; but then I have warned you all of the dangers of Dodo’s scripts before.)
9 Responses so far
-
… before I can prevent XSS, how do I find out what it is? :P
-
… so much work. :(
-
Hopefully I’ll have time to read this (again) over the weekend. I know I have a PDF of XSS prevention somewhere on my computer…
-
My friend started writing a browser based RPG recently and has very little experience of programming (but a willingness to learn) and it’s amazing how things like that don’t seem to cross a novice’s brain. I broke her page within minutes.
Anyway, things like that are why I don’t even want to release my own scripts to the public. I fear exploitation through my own negligence.
-
Cheers for this Jem. I will surely have a good read of this tonight :)
-
I can’t code well, so I don’t try it, but this is a good read to keep in mind for when I actually decide to try and code or program (if I ever will).
-
Meh! :)
-
I’m with your mum on this one :P