Tag Archives: XSS

Firesheep: HTTP Session Hijacking made so easy!

Way cool! HTTP session hijacking can’t be made simpler than with Firesheep. A couple of days ago, a friend of mine suggested that I log in to a most popular website, and he demonstrated how he took control of and accessed my user session in less than a minute. At first, I thought he used a network protocol analyser tool such as Wireshark or… Read more »

Top Web 2.0 Security Threats!

Web 2.0 is not my forte, but I am not ignorant of its overwhelming adoption and popularity! In my understanding, Web 2.0 is another Web-based application paradigm that enables delivering user-generated content via aggregation, participation and collaboration on the Internet using Web-based protocols. No doubt, every day a new breed of Web 2.0 application is finding its… Read more »

Top 25 Most Dangerous Programming Errors

A few weeks ago, the US Dept. of Homeland Security (National Cyber Security Division), in collaboration with SANS Institute/MITRE teams, released a list of 25 dangerous programming errors as common security flaws, which open doors for easy exploitation. At my first look at this list, I thought it was old wine in a new bottle, as the document sounded… Read more »

How do I prevent Cross-site Scripting (XSS) attacks in J2EE Web applications?

I received this question from one of our book readers… of course, XSS is becoming widely popular. I had my own first-hand experience of XSS by test driving in my lab – believe me – I don’t have malicious intentions or crazy motives. If you want to verify your J2EE Web applications for XSS vulnerability… here is my cooked response – for… Read more »

HTTP response splitting? How to prevent it in J2EE/Web applications?

A couple of days ago, I received the above question from one of our readers. Although I briefly responded to him over email, I really wanted to explore the known traits for defending against this vulnerability: HTTP response splitting is a Web application input validation vulnerability that allows exploiting the HTTP headers of a Web application for initiating attacks leading… Read more »