[<prev] [next>] [day] [month] [year] [list]
Message-ID: <001501c73ebf$43f6ec80$0201a8c0@paycycle.com>
Date: Mon, 22 Jan 2007 23:22:38 -0800
From: "Anurag Agarwal" <anurag.agarwal@...oo.com>
To: <bugtraq@...urityfocus.com>
Subject: xss filter to protect from xss attacks
I have created a xss filter to protect from xss attacks. Though i have
filtered only for 8 characters but i was able to test against all the
attacks mentioned in the RSnake's cheat sheet. Appscan was not able to
detect any xss attacks on it. I request the application security community
to help test this filter. 90% i am sure that you wont be able to perform any
xss attack on it, the rest 10% i will find out after the feedback from the
community. For the curious mind, it is written in java
In case if you are successful in performing xss attack, please do reply to
this email with your name, browser and the xss attack string.
url - http://www.attacklabs.com/xssfilter/
I appreciate your time and effort. Thanks a lot in advance
regards
Anurag
Powered by blists - more mailing lists