
REVIEW: "XSS Attacks", Jeremiah Grossman et al

  • Rob, grandpa of Ryan, Trevor, Devon & Han
    Message 1 of 1 , Jul 14, 2008
      BKXSSATK.RVW 20080308

      "XSS Attacks", Jeremiah Grossman et al, 2007, 978-1-59749-154-9, U$59.95
      %A Jeremiah Grossman
      %A Robert Hansen RSnake ha.ckers.org
      %A Petko D. Petkov gnucitizen.org
      %A Anton Rager
      %A Seth Fogie
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2007
      %G 978-1-59749-154-9 1-59749-154-3
      %I Syngress Media, Inc.
      %O U$59.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597491543/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597491543/robsladesin03-20
      %O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 448 p.
      %T "XSS Attacks: Cross Site Scripting Exploits and Defense"

      Chapter one traces cross-site scripting (XSS) back to early iframe
      security problems, David Rice's 1999 "Script Injection" paper, and
      ensuing discussion; bemoans the confusion surrounding the range of
      technologies and exploits linked to this term; and then seems to say
      that the topic is a risk associated with JavaScript applets and
      particularly the XMLHttpRequest object. In all of this, XSS does not
      get delineated in any definitive manner. A number of utilities for
      probing Websites and Web interactions are briefly described in chapter
      two. Despite the title, chapter three does not provide an explanation
      of "XSS Theory," but simply lists examples of XSS attack code. There
      is little explanation or analysis of the processes involved, and any
      content is specific to the particular commands used, rather than XSS
      concepts. The same emphasis on code is true in chapter four (even
      more so: the code sections are much longer), and in five and six as
      well. Thus, four chapters are simply one long list of code samples
      and snippets, with little tutorial value other than to provide
      specimens for script-kiddies to copy.

      Chapter seven discusses exploit frameworks that can be used to
      automate attacks and tests against the browser. XSS attacks that can
      reproduce or multiply effects are examined in chapter eight.
      Protection and defence are purported to be covered in chapter nine, but
      the material is terse and weak.

      In relation to the page count, the content of the book has slight
      value in terms of teaching what cross-site scripting attacks (as
      opposed to other forms of malware) are, and how to protect against

      copyright Robert M. Slade, 2008 BKXSSATK.RVW 20080308

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      More than any time in history mankind faces a crossroads. One
      path leads to despair and utter hopelessness, the other to total
      extinction. Let us pray that we have the wisdom to choose
      correctly. - Woody Allen
      victoria.tc.ca/techrev/rms.htm en.wikipedia.org/wiki/Robert_Slade