WebAppSec

This category contains 2 posts

How I tell my clients that XSS is bad

The mixed bag of reactions to XSS or Cross Site Scripting vulnerabilities is interesting to watch. As a security professional, I’ve audited banking applications based on web technologies and have in all cases come away with at least one XSS vulnerability. When presented to the client and to the vendor, I get some interesting reactions.
“You [...]

Re-login plugin for Burp Suite

One of the first things I do when I begin a web application security assessment is figure out how the login sequence works. Then, as I begin to annoy the application, I figure out what makes the application say, “Enough!” and kick me out by invalidating my session. With this, I can automate the process [...]