The mixed bag of reactions to XSS (Cross-Site Scripting) vulnerabilities is interesting to watch. As a security professional, I’ve audited banking applications based on web technologies and have in every case come away with at least one XSS vulnerability. When I present it to the client and to the vendor, I get some interesting reactions. [...]
One of the first things I do when I begin a web application security assessment is figure out how the login sequence works. Then, as I begin to annoy the application, I figure out what makes it say, “Enough!” and kick me out by invalidating my session. With this, I can automate the process [...]
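The workflow sketched above (learn the login sequence, learn what a revoked session looks like, then automate around it) is what the following harness does. This is an added example, not code from the original post: the target is a constructed in-process stand-in for a web application (its paths `/login` and `/search`, its credential pair, and its rule of revoking a session after three script-bearing requests are all assumptions made up for the demo), so it runs offline. The client first sends a request with a deliberately invalid session to record the "kicked out" fingerprint, then runs a batch of XSS reflection probes and re-authenticates whenever that fingerprint comes back, so the scan keeps testing as a logged-in user instead of silently continuing as an anonymous one.

```python
"""Added example: a session-aware XSS probe harness against a constructed target."""
import secrets
from dataclasses import dataclass, field

LOGIN_PATH = "/login"      # assumed paths for the toy target
SEARCH_PATH = "/search"
KICK_THRESHOLD = 3         # assumed: toy app revokes a session after this many hostile requests


@dataclass
class Response:
    status: int
    headers: dict
    body: str


@dataclass
class ToyApp:
    """Constructed target: one valid credential pair, a crude 'WAF' that revokes
    any session sending too many payloads containing a script tag, and a search
    page that reflects its parameter unescaped."""
    sessions: dict = field(default_factory=dict)   # token -> hostile-request count

    def login(self, user: str, password: str) -> Response:
        if (user, password) != ("tester", "s3cret"):        # assumed credentials
            return Response(401, {}, "bad credentials")
        token = secrets.token_hex(8)
        self.sessions[token] = 0
        return Response(200, {"Set-Cookie": f"sid={token}"}, "welcome")

    def request(self, token, path: str, q: str = "") -> Response:
        if token not in self.sessions:
            # Unauthenticated or revoked: bounce to the login page
            return Response(302, {"Location": LOGIN_PATH}, "")
        if "<script" in q.lower():
            self.sessions[token] += 1
            if self.sessions[token] >= KICK_THRESHOLD:
                del self.sessions[token]                    # "Enough!": session invalidated
                return Response(302, {"Location": LOGIN_PATH}, "")
        return Response(200, {}, f"<p>Results for {q}</p>")  # reflected without escaping


class SessionAwareClient:
    """Learns the logout fingerprint, then re-logs-in transparently when it appears."""

    def __init__(self, app: ToyApp, user: str, password: str):
        self.app, self.user, self.password = app, user, password
        self.token = None
        self.relogins = 0
        # Step 1: learn what "kicked out" looks like by using a session the app
        # cannot know, before any real probing starts.
        probe = app.request("not-a-real-token", SEARCH_PATH)
        self.logout_fingerprint = (probe.status, probe.headers.get("Location"))
        # Step 2: the login sequence itself
        self._login()

    def _login(self):
        r = self.app.login(self.user, self.password)
        if r.status != 200:
            raise RuntimeError("login sequence failed")
        self.token = r.headers["Set-Cookie"].split("sid=")[1]

    def _kicked_out(self, r: Response) -> bool:
        return (r.status, r.headers.get("Location")) == self.logout_fingerprint

    def get(self, path: str, q: str) -> Response:
        r = self.app.request(self.token, path, q)
        if self._kicked_out(r):
            # Step 3: the app invalidated us; log back in and retry once
            self.relogins += 1
            self._login()
            r = self.app.request(self.token, path, q)
        return r


def scan_for_reflection(client: SessionAwareClient, payloads: list) -> list:
    """Return the payloads that come back verbatim in a 200 response body."""
    hits = []
    for p in payloads:
        r = client.get(SEARCH_PATH, p)
        if r.status == 200 and p in r.body:
            hits.append(p)
    return hits


PAYLOADS = [f"<script>alert({i})</script>" for i in range(7)] + ["plain text"]

if __name__ == "__main__":
    client = SessionAwareClient(ToyApp(), "tester", "s3cret")
    found = scan_for_reflection(client, PAYLOADS)
    print(f"{len(found)} reflected payloads, {client.relogins} re-logins")
```

With seven script-bearing probes and a kick after every third one, the harness is logged out three times mid-run and re-authenticates each time, so all eight payloads are still evaluated under a valid session. Without the fingerprint check, every probe after the first kick would be answered by the login redirect and the scan would report nothing, which is exactly the false negative the manual reconnaissance step is meant to prevent.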