WASC Script Mapping Project extends RSnake XSS Cheat Sheet ?

WASC Script Mapping Project extends RSnake XSS Cheat Sheet On Aug. 27, WASC released the Script Mapping Project which is intended to be an exhaustive refference on XSS vectors.

The purpose of the WASC Script Mapping Project is to come up with an exhaustive list of vectors to execute script within a web page without the use of <script> tags. This data can be useful when testing poorly implemented Cross-site Scripting blacklist filters, for those wishing to build an html white list system, as well as other uses.

What I fail to understand is why WASC didn’t include as a starting point RSnake’s excellent XSS Cheat Sheet. It’s not like they would be the first. OWASP already quotes RSnake’s work  as a valuable resource.

So I would say it’s either re-inventing the WASC-branded wheel of XSS Cheat Sheet or it’s  my blissful ignorance (there are no files released so far). I guess we’ll see how (counter)productive this initiative will prove in time.

Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback. Print This Post Print This Post

Subscribe without commenting

Leave a Reply

Note: Any comments are permitted only because the site owner is letting you post, and any comments will be removed for any reason at the absolute discretion of the site owner.

CommentLuv badge