WASC Script Mapping Project extends RSnake XSS Cheat Sheet ?
On Aug. 27, WASC released the Script Mapping Project which is intended to be an exhaustive refference on XSS vectors.
The purpose of the WASC Script Mapping Project is to come up with an exhaustive list of vectors to execute script within a web page without the use of <script> tags. This data can be useful when testing poorly implemented Cross-site Scripting blacklist filters, for those wishing to build an html white list system, as well as other uses.
What I fail to understand is why WASC didn’t include as a starting point RSnake’s excellent XSS Cheat Sheet. It’s not like they would be the first. OWASP already quotes RSnake’s work as a valuable resource.
So I would say it’s either re-inventing the WASC-branded wheel of XSS Cheat Sheet or it’s my blissful ignorance (there are no files released so far). I guess we’ll see how (counter)productive this initiative will prove in time.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Post Info
This entry was posted on Monday, September 3rd, 2007 and is filed under Web Applications, Tools.You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: New Release : Tiger 3.2.2 , the Unix Security Audit Tool »
Next Post: Security Tools Fast Links 1 »
Read More
Related Reading:- Free alternative to ArcSight ESM ? Hardly..
- Privacy Dilemma: How to Protect Yourself Online
- Solera Networks Deep-Packet Capture Review
- WordPress Exploit Scanner
- Phishing Exposed, Brands Secured
- Scanners: New Nessus Release; New eEye Web Scanner
- Good News from ArcSight and Imperva
- CCTV Security Camera and Surveillance Equipment
- OpenDNS Offers Free Web Content Filtering
- Can I Evade ScanSafe Anywhere+ ?
