Slashdot Mirror


XSS Vulnerabilities Reviewed and Re-Classified

An anonymous reader writes "Security Analysts at NeoSmart Technologies have revisited the now-famous XSS-type security vulnerabilities and attempted to re-classify their status as a security vulnerability. The argument is that XSS vulnerabilities are not a mark of bad or insecure code but rather a nasty but unavoidable risk that's a part of JavaScript - and that even then, XSS 'vulnerable' sites are no less dangerous or vulnerable at heart." Are they unavoidable, or just a symptom of lazy coding, or both?
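The question the summary asks (unavoidable, or a symptom of lazy coding?) comes down to a single output path: whether untrusted text is written into HTML with or without encoding for the context it lands in. The following is an added example, not code from the Slashdot post or from NeoSmart; the function names, the template and the sample comment are all constructed for this illustration. It shows the vulnerable concatenation beside the encoded version and a small check that a test suite could use to catch the unencoded path.

```javascript
// Added example (not from the Slashdot post or NeoSmart): untrusted text
// emitted into HTML without encoding is the XSS defect; context-aware
// output encoding removes it. Names and sample data are constructed.

// Characters that carry meaning in HTML text and attribute contexts,
// mapped to their entity forms.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a string so the browser renders it as literal text in an
// element body or a double-quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: user-controlled values concatenated straight into
// markup. Tags in `body` become DOM nodes; a quote in `author` ends the
// attribute early.
function renderCommentUnsafe(author, body) {
  return '<p class="comment" title="' + author + '">' + body + '</p>';
}

// Hardened pattern: the same template, with every untrusted value
// encoded for the context it is placed in (attribute value, element text).
function renderCommentSafe(author, body) {
  return '<p class="comment" title="' + escapeHtml(author) + '">' +
         escapeHtml(body) + '</p>';
}

// Check used by tests or a template linter: does any tag that appeared
// in the untrusted input survive verbatim in the rendered HTML?
function untrustedMarkupSurvives(html, untrusted) {
  const tags = untrusted.match(/<[^>]+>/g) || [];
  return tags.some((tag) => html.includes(tag));
}

// Constructed sample input: an author string that tries to break out of
// the title attribute, and a body carrying markup.
const SAMPLE_AUTHOR = 'mallory" class="admin';
const SAMPLE_BODY = '<b>hi</b><script>alert(1)</script>';

// Render the sample both ways and report whether markup leaked through.
function demo() {
  const unsafe = renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY);
  const safe = renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_BODY);
  return {
    unsafe,
    safe,
    unsafeLeaksMarkup: untrustedMarkupSurvives(unsafe, SAMPLE_BODY), // true
    safeLeaksMarkup: untrustedMarkupSurvives(safe, SAMPLE_BODY),     // false
  };
}

console.log(demo());
```

The encoder above covers element text and double-quoted attribute values only; values placed inside a script block, a URL or a CSS property need the encoder for that context, which is why templating engines that encode by default for the right context are the practical fix rather than hand-written escaping at every call site.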

2 of 142 comments

  1. Well by twalicek · Score: 5, Funny

    Samy is still my hero.

  2. "XSS is another one of those buzzwords by damburger · Score: 4, Funny

    ...we prefer to call it an 'unrequested Javascript surplus'"

    But that isn't the best bit:

    "Sites with XSS "vulnerabilities" aren't insecure. They're absolutely no different than any other site - except that a user can manipulate the way content displays on an "insecure" page"

    That's like saying 'Pearl Harbour wasn't "vulnerable". It was absolutely no different than any other naval base - except that the Japanese could drop bombs on it'

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?