Showing 2 results for: November 2012 ×Application Security ×

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) vulnerability in your web application? This blog post will demonstrate a proof of concept that uses ModSecurity to add defensive Javascript to response pages that...

[Honeypot Alert] User-Agent Field XSS Attacks

Our web honeypots picked up some more XSS attacks today: The highlighted data in the Apache access_log holds the User-Agent field token data from the request. In this case, the attacker has inserted some Javascript code that would use the...