> -----Original Message-----
> From: Justin Shin [mailto:zorkshin@tampabay.rr.com]
> Sent: Tuesday, July 22, 2003 8:33 PM
> To: Full-Disclosure@Lists.Netsys.Com
> Subject: [Full-Disclosure] logically stopping xss
>
>
> I know there's a lot of stupid jokes about XSS vulns right
> now, but I was wondering if there is any firewall or IDS
> software that can look for suspicious GET requests ... i.e.
>
> GET /vulnerablewebapp/?<XSS SHZNIT>
>
> I'm sure there's a program out there ... and I'm stupid,
> please don't kill me...

You're referring to application firewalls, and yes they exist. There are products available specifically designed to protect a web server from all sorts of attacks. Look at http://www.owasp.org/ for information about that field in general and what's going on in the open source community WRT it.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
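
A minimal sketch of the kind of check discussed in this thread, inspecting the query string of GET request lines for markup, as an added example that is not part of the original messages and not taken from any product. The rule names, function names and sample request lines are constructed for illustration, and the patterns are heuristics that will miss some inputs and flag some benign ones.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Illustrative rules (assumed, not exhaustive): markup that rarely belongs in a query string.
RULES = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-z][a-z0-9]*[\s/>]", re.I)),
    # Require a separator before "on..." so parameters like "online=1" are not flagged.
    ("event-handler", re.compile(r"[\s\"'/]on[a-z]+\s*=", re.I)),
    ("script-uri", re.compile(r"\b(?:javascript|vbscript)\s*:", re.I)),
]
MAX_DECODE_ROUNDS = 3  # bound the work done on nested percent-encoding


def decode_fully(value):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalised."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request_line(line):
    """Return sorted rule names matched by the query string of a GET request line."""
    parts = line.split()
    if len(parts) < 2 or parts[0].upper() != "GET":
        return []
    query = decode_fully(urlsplit(parts[1]).query)
    return sorted(name for name, rx in RULES if rx.search(query))


def scan(lines):
    """Return (line, matched_rules) for every request line that trips a rule."""
    hits = ((line, inspect_request_line(line)) for line in lines)
    return [(line, rules) for line, rules in hits if rules]


# Constructed sample request lines (not captured traffic).
SAMPLE_LINES = [
    "GET /vulnerablewebapp/?page=2&online=1 HTTP/1.0",
    "GET /vulnerablewebapp/?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0",
    "GET /vulnerablewebapp/?q=%253Cscript%253E HTTP/1.0",
    "GET /vulnerablewebapp/?q=%22+onmouseover%3Dx HTTP/1.0",
    "POST /vulnerablewebapp/ HTTP/1.0",
]

if __name__ == "__main__":
    for line, rules in scan(SAMPLE_LINES):
        print(",".join(rules), "<-", line)
```

A filter like this only sees the request; output encoding in the application itself is still what removes the XSS.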