WASC Script Mapping Project extends RSnake XSS Cheat Sheet ?
On Aug. 27, WASC released the Script Mapping Project which is intended to be an exhaustive refference on XSS vectors.
The purpose of the WASC Script Mapping Project is to come up with an exhaustive list of vectors to execute script within a web page without the use of <script> tags. This data can be useful when testing poorly implemented Cross-site Scripting blacklist filters, for those wishing to build an html white list system, as well as other uses.
What I fail to understand is why WASC didn’t include as a starting point RSnake’s excellent XSS Cheat Sheet. It’s not like they would be the first. OWASP already quotes RSnake’s work as a valuable resource.
So I would say it’s either re-inventing the WASC-branded wheel of XSS Cheat Sheet or it’s my blissful ignorance (there are no files released so far). I guess we’ll see how (counter)productive this initiative will prove in time.
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Print This Post
Post Info
This entry was posted on Monday, September 3rd, 2007 . Tagged with:You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: New Release : Tiger 3.2.2 , the Unix Security Audit Tool »
Next Post: Security Tools Fast Links 1 »
Read More
Related Reading:- Animated Presentation on Sony PSN Hack
- ArcSight Tip #1 – arcsight managersetup notification test
- I’m a CISSP
- Operation:Payback or Social Vendetta is Here
- I got owned by Malware Destructor 2011 Virus
- New Downtime Cost Calculator by Storagepipe.com. What if ?
- Securing Your Network from Web Threats
- My Twitter Notes on 2010-07-25
- New NetWitness Visualize : Welcome To The Future!
- My Twitter Notes on 2010-07-18
