| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0c6901c6af8e$70449f00$0200a8c0@AMD2500> Date: Tue, 25 Jul 2006 03:02:50 +0100 From: "Aaron Gray" <angray@...b.net> To: <full-disclosure@...ts.grok.org.uk> Cc: bugtraq@...urityfocus.com Subject: Re: To XSS or not? >how we will measure which one is major and which not ? >major for you is minor for me and vice versa. Major is an XSS on a well used "major"web site, or a financial based webh site even if it is a "minor" web site. A "minor" XSS web vulnability is one on a little known site. Hope you argee with this definition. >if we agree that XSS are vulns (i personally agree) then they deserve to >be reported. Just look at the subject of the message that report a XSS >and choose to read it or to not read it. Yes I do, but I think a spcialized list is in order for web vulnabilities. >XSS are based on bad code practices .. some day the programmers will >learn to not make such mistakes if we point them. if we ignore them .... >well security is not based on ignorance. Yes I need to learn about this area as I am doing a couple of PHP&MySQL based web sites myself and would like a specialized list to ask Q's on. Regards, Aaron >Aaron Gray wrote: >> Major ones could still be reported on the other lists. >> >> Aaron >> >>> something like xsstraq powered on securityfocus should be cleaner yep :) >>> >>>> Maybe there should be a special XSS list that could specialize in >>>> that area ? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists