REVIEW: "XSS Attacks", Jeremiah Grossman et al
- BKXSSATK.RVW 20080308
"XSS Attacks", Jeremiah Grossman et al, 2007, 978-1-59749-154-9,
%A Jeremiah Grossman
%A Robert Hansen RSnake ha.ckers.org
%A Petko D. Petkov gnucitizen.org
%A Anton Rager
%A Seth Fogie
%C 800 Hingham Street, Rockland, MA 02370
%G 978-1-59749-154-9 1-59749-154-3
%I Syngress Media, Inc.
%O U$59.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 448 p.
%T "XSS Attacks: Cross Site Scripting Exploits and Defense"
Chapter one traces cross-site scripting (XSS) back to early iframe
security problems, David Rice's 1999 "Script Injection" paper, and
ensuing discussion; bemoans the confusion surrounding the range of
technologies and exploits linked to this term; and then seems to say
particularly the XMLHttpRequest object. In all of this, XSS does not
get delineated in any definitive manner. A number of utilities for
probing Websites and Web interactions are briefly described in chapter
two. Despite the title, chapter three does not provide an explanation
of "XSS Theory," but simply lists examples of XSS attack code. There
is little explanation or analysis of the processes involved, and any
content is specific to the particular commands used, rather than XSS
concepts. The same emphasis on code is true in chapter four (even
more so: the code sections are much longer), and in five and six as
well. Thus, four chapters are simply one long list of code samples
and snippets, with little tutorial value other than to provide
specimens for script-kiddies to copy.
Chapter seven discusses exploit frameworks that can be used to
automate attacks and tests against the browser. XSS attacks that can
reproduce or multiply effects are examined in chapter eight.
Protection and defence is purported to be covered in chapter nine, but
the material is terse and weak.
In relation to the page count, the content of the book has slight
value in terms of teaching what cross-site scripting attacks (as
opposed to other forms of malware) are, and how to protect against
copyright Robert M. Slade, 2008 BKXSSATK.RVW 20080308