| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Schmehl, Paul L) Subject: logically stopping xss > -----Original Message----- > From: Justin Shin [mailto:zorkshin@...pabay.rr.com] > Sent: Tuesday, July 22, 2003 8:33 PM > To: Full-Disclosure@...ts.Netsys.Com > Subject: [Full-Disclosure] logically stopping xss > > > i know there's a lot of stupid jokes about XSS vulns right > now, but I was wondering if there is any firewall or IDS > software that can look for suspicious GET requests ... ie. > > GET /vulnerablewebapp/?<XSS SHZNIT> > > I'm sure there's a program out there ... and I'm stupid, > please don't kill me... You're referring to application firewalls, and yes they exist. There are products available specifically designed to protect a web server from all sort of attacks. Look at http://www.owasp.org/ for information about that field in general and what's going on in the open source community WRT it. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists