
Re: [News] [Rival] MoD Runs Windows, Gets Cracked

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ Lusotec on Tuesday 11 August 2009 08:38 : \____

> Roy Schestowitz wrote:
>> MoD website outflanked by XSS flaws
>> 
>> http://www.theregister.co.uk/2009/08/10/mod_xss_vulns/
>> 
>> It's a Windows shop.
>> 
>> http://toolbar.netcraft.com/site_report?url=http://www.mod.uk
>> 
>> 500,000 Web sites were cracked due to similar issues last year (XSS on
>> IIS).
> 
> XSS security vulnerabilities are in the scripts driving the site. XSS (and
> also SQL injection) vulnerabilities are the result of coding flaws in the
> script where the inputs are not properly checked and sanitized. The OS and
> web server have nothing to do with it.

I've read somewhere that a good database can prevent this too, at a lower
level. In the context of Windows servers, this was stated as well.

- -- 
                ~~ Best of wishes

Roy S. Schestowitz      | "Black holes are where God is divided by zero"
http://Schestowitz.com  | Free as in Free Beer |  PGP-Key: 0x74572E8E
Cpu(s): 22.6%us,  5.0%sy,  0.1%ni, 70.6%id,  1.3%wa,  0.0%hi,  0.4%si,  0.0%st
      http://iuron.com - semantic engine to gather information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqBRd8ACgkQU4xAY3RXLo7vlgCglDYSygEBsPguVcKrPeJOD09I
mawAmgO5jd114Ufdp8ulvTeE3xdYHtbu
=tpxe
-----END PGP SIGNATURE-----
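
Added example, not part of the original messages: a small Python sketch of the two layers the thread mentions, the script's handling of input and the database underneath it. A bound query parameter stops the SQL injection at the database layer, while the same stored text still needs escaping when the script writes it into HTML. The table, the function names and the sample inputs are all constructed for illustration.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.executemany("INSERT INTO comments VALUES (?, ?)",
                   [("alice", "hello"), ("bob", "private note")])
    return db

def find_unsafe(db, author):
    # Flawed script code: the input is pasted into the SQL text itself.
    sql = "SELECT body FROM comments WHERE author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]

def find_safe(db, author):
    # Bound parameter: the database treats the input as data only.
    sql = "SELECT body FROM comments WHERE author = ?"
    return [row[0] for row in db.execute(sql, (author,))]

def add_comment(db, author, body):
    # Parameterized insert: the body is stored exactly as submitted.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))

def render_unsafe(body):
    # Flawed script code: stored text is written into the page as markup.
    return "<p>" + body + "</p>"

def render_safe(body):
    # Output encoding: <, >, & and quotes become HTML entities.
    return "<p>" + html.escape(body) + "</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"          # constructed input
    print(find_unsafe(db, crafted))        # every row comes back
    print(find_safe(db, crafted))          # no author has that name
    add_comment(db, "mallory", "<script>alert(1)</script>")
    stored = find_safe(db, "mallory")[0]
    print(render_unsafe(stored))           # markup reaches the browser intact
    print(render_safe(stored))             # markup is shown as text
```

Nothing in the sketch depends on the operating system or web server: both flaws and both fixes live in the script and its database calls.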
