Jan21, 2009

XSS Prevention Cheat Sheet

Those of you interested in coding and programming — specifically those of you who are dabbling with releasing your own scripts — are probably already aware of my lengthy rambles on sanitising input data, not trusting anything, etc. However, where I leave you to discover the nuances of individual language security on your own, OWASP (the Open Web Application Security Project) have gone straight to the core of one of the biggest security threats to online applications and scripts: XSS.

I heartily recommend reading, digesting, favouriting and then re-reading the XSS (Cross Site Scripting) Prevention Cheat Sheet.

It's either that, or you risk ending up on the milw0rm web apps exploits/vulns list. (Talking of which... any of you running Dodo's Quiz might want to read this advisory; but then I have warned you all of the dangers of Dodo's scripts before.)
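The rule at the heart of that cheat sheet, shown here as an added example that is not part of the original post and is not OWASP's own code: untrusted data is escaped at output time for the exact HTML context it lands in, rather than "sanitised" once on the way in. The encoder names, the comment-rendering functions and the sample inputs below are all constructed for illustration.

```javascript
// Added example (not from the original post or OWASP): contextual output
// encoding, the rule at the heart of the XSS Prevention Cheat Sheet.
// Encoder names and the comment-rendering helpers are invented for
// illustration; the sample inputs are constructed, not real attack data.

// HTML element content context (e.g. inside <p>...</p>).
// The cheat sheet's entity set: & < > " ' and /.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeForHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (c) => HTML_ENTITIES[c]);
}

// HTML attribute value context (e.g. data-author="...").
// Everything except [A-Za-z0-9] becomes &#xHH;, so the value cannot close
// the quote, and cannot inject a new attribute even if the attribute is unquoted.
function encodeForHtmlAttribute(untrusted) {
  return String(untrusted).replace(/[^A-Za-z0-9]/gu, (c) =>
    '&#x' + c.codePointAt(0).toString(16).toUpperCase() + ';');
}

// JavaScript string context (e.g. var author = '...'; in an inline script).
// Non-alphanumerics become \xHH / \uHHHH escapes, which are only ever
// interpreted as string data, never as a closing quote or a </script> tag.
function encodeForJavaScript(untrusted) {
  return String(untrusted).replace(/[^A-Za-z0-9]/gu, (c) => {
    const cp = c.codePointAt(0);
    if (cp < 0x100) return '\\x' + cp.toString(16).padStart(2, '0');
    if (cp < 0x10000) return '\\u' + cp.toString(16).padStart(4, '0');
    return '\\u{' + cp.toString(16) + '}';
  });
}

// Before: a typical comment template that trusts its input. A crude input
// filter (here: stripping "<script>") is not a fix either, because the
// sample body below never uses that tag.
function renderCommentVulnerable(author, body) {
  const filtered = String(body).replace(/<script>/gi, '');
  return `<div class="comment" data-author="${author}"><p>${filtered}</p></div>`;
}

// After: every untrusted value is encoded for the context it is written into.
function renderCommentSafe(author, body) {
  return `<div class="comment" data-author="${encodeForHtmlAttribute(author)}">` +
    `<p>${encodeForHtml(body)}</p></div>`;
}

// Constructed sample inputs: one breaks out of the attribute, one smuggles an
// event handler past the tag filter.
const SAMPLE_AUTHOR = '" onmouseover="alert(1)';
const SAMPLE_BODY = '<img src=x onerror="alert(document.cookie)">';

// Check that the vulnerable template really is broken and the safe one holds:
// a live handler attribute survives in the first, no raw tag or handler
// attribute survives in the second.
function checkTemplates() {
  const bad = renderCommentVulnerable(SAMPLE_AUTHOR, SAMPLE_BODY);
  const good = renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_BODY);
  return {
    vulnerableHasHandler: /on(mouseover|error)=/.test(bad),
    safeHasRawTag: /<img/.test(good) || /on(mouseover|error)="/.test(good),
  };
}

console.log(checkTemplates());
```

Two caveats the cheat sheet itself makes: contexts nest, so a value written into an inline event handler attribute is JavaScript-encoded first and then HTML-attribute-encoded on top, and hand-rolled encoders like these are for understanding the rule; in production use a maintained encoding library or a templating engine that escapes by default.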


Comments

There are currently 9 approved responses to "XSS Prevention Cheat Sheet".

  1. Aisling 21/01/09 at 22:55 #

    ... before I can prevent XSS, how do I find out what it is? :P

  2. Jem 21/01/09 at 22:58 #

    Click the word XSS in the linked article..?

  3. Aisling 21/01/09 at 23:02 #

    ... so much work. :(

  4. Vasili 21/01/09 at 23:36 #

    Hopefully I'll have time to read this (again) over the weekend. I know I have a PDF of XSS prevention somewhere on my computer...

  5. Kachii 22/01/09 at 00:03 #

    My friend started writing a browser based RPG recently and has very little experience of programming (but a willingness to learn) and it's amazing how things like that don't seem to cross a novice's brain. I broke her page within minutes.

    Anyway, things like that are why I don't even want to release my own scripts to the public. I fear exploitation through my own negligence.

  6. Ben 22/01/09 at 08:54 #

    Cheers for this Jem. I will surely have a good read of this tonight :)

  7. Chans 22/01/09 at 09:31 #

    I can't code well, so I don't try it, but this is a good read to keep in mind when I actually decide to try and code or program (if I ever will).

  8. Mumblies 22/01/09 at 12:56 #

    Meh! :)

  9. Stephanie 22/01/09 at 20:06 #

    I'm with your mum on this one :P

Comments are closed.