struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Bollmeyer <j...@christianbollmeyer.de>
Subject Re: Cross-Site Scripting attack
Date Fri, 28 Oct 2005 08:38:10 GMT
Hi,

don't have any recommendations specifically for CSS attacks at hand,
but you may want to hava a look at WebGoat and WebScarab avai-
lable from here:

http://www.owasp.org/software/webgoat.html

WebGoat teaches common Java web security pitfalls and has been
quite successfuly used here for internal developer training. WebScarab
is a proxy that enables one to change nearly everything in the request
before it is being sent to the server, without having to change the
HTML each time. Quite useful and enlightening :-)

HTH,
-- Christian.

Deepa Khetan schrieb:
> Hi,
>  I am working for the Security of my site. Read about Cross-Site-Scripting
> attacks being most common. Can anyone help me regarding what can be the best
> freeware tool to test a CSS vulnerability of my site. Also, any suggestions
> on how CSS attack can be avoided? We are using Struts framework.
>  Any information/suggestion is most welcome.
>  Deepa
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message